| |
| |||||||
Log-Analyse und Auswertung: Sinowal Trojaner? Browser sehr langsamWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
17.08.2010, 09:59
| #1 |
 |  Sinowal Trojaner? Browser sehr langsam Hallo allerseits, mein Panda Virenscanner hat mir immer wieder fehlermeldungen rausgeschmissen das explorer.exe auf bestimmte Programme zugriefen möchte. Irgendwann hat er mir auch gesagt das er den Trojaner Sinowal.TDO gefunden hat. Panda hat den wohl nicht wegbekommen, und mbam hab ich auch drüberlaufen lassen. Der hat so ca. 12 infizierte Dateien gefunden, aber an dem Problem scheint sich nix getan zu haben.Kann mir irgendjemand helfen ? Hier ist jetzt erstmal der HijackThis log: HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:07:45, on 17.08.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17023) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Programme\PANDA SOFTWARE\AVTC\PavFnSvr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Application Updater\ApplicationUpdater.exe C:\Programme\Broadcom\ASFIPMon\AsfIpMon.exe C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe C:\Programme\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe C:\Programme\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\pagentwd.exe C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe C:\Programme\PANDA SOFTWARE\AVTC\PSKMsSvc.exe C:\WINDOWS\Explorer.EXE C:\Programme\PANDA SOFTWARE\AVTC\PSHost.exe C:\Programme\PANDA SOFTWARE\AVTC\PsImSvc.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe C:\Programme\Java\jre1.6.0_05\bin\jusched.exe C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe C:\WINDOWS\Twain_32\FlatBed\HotKey.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\Canon\MyPrinter\BJMyPrt.exe C:\WINDOWS\system32\DeltTray.exe C:\Programme\EPSON\Creativity Suite\Event Manager\EEventManager.exe C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Programme\pdfforge Toolbar\SearchSettings.exe C:\Programme\PANDA SOFTWARE\AVTC\PSCtrlC.exe C:\Programme\PANDA SOFTWARE\AVTC\CpIcnMng.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\ScanSnap\CardMinder V3.1\CardLauncher.exe C:\Programme\ScanSnap\Driver\PfuSsMon.exe C:\Programme\OpenOffice.org 2.3\program\soffice.exe C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Programme\OpenOffice.org 2.3\program\soffice.BIN C:\Programme\iPod\bin\iPodService.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\PANDA SOFTWARE\AVTC\PsCtrlS.exe C:\Programme\PANDA SOFTWARE\AVTC\TPSrv.exe C:\Programme\PANDA SOFTWARE\AVTC\PavSrv51.exe C:\Programme\PANDA SOFTWARE\AVTC\AVENGINE.EXE C:\Programme\PANDA SOFTWARE\AVTC\SrvLoad.exe C:\Programme\PANDA SOFTWARE\AVTC\WebProxy.exe C:\Programme\Panda Software\Panda Administrator 3\PavReport\PavReport.exe C:\Programme\Malwarebytes' Anti-Malware\mbam.exe C:\Dokumente und Einstellungen\mlens\Desktop\HiJackThis204.exe C:\Programme\PANDA SOFTWARE\AVTC\PSIMMON.exe C:\Programme\PANDA SOFTWARE\AVTC\avciman.exe C:\Programme\PANDA SOFTWARE\AVTC\psimreal.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=6070405 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de/hws/sb/dell-row-rel/de/side.html?channel=de R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de/hws/sb/dell-row-rel/de/side.html?channel=de R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=6070405 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=6070405 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file) O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [UVS11 Preload] C:\Programme\Ulead Systems\Ulead VideoStudio 11\uvPL.exe O4 - HKLM\..\Run: [ISUSPM] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [HotKey] C:\WINDOWS\Twain_32\FlatBed\HotKey.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [PfuSsSct.exe] C:\Programme\ScanSnap\PfuSsSct.exe /Station O4 - HKLM\..\Run: [DeltTray] DeltTray.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [EEventManager] C:\Programme\EPSON\Creativity Suite\Event Manager\EEventManager.exe O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Panda Controller Client] "C:\Programme\PANDA SOFTWARE\AVTC\PSCtrlC.exe" O4 - HKLM\..\Run: [CpnIconMng] C:\Programme\PANDA SOFTWARE\AVTC\CpIcnMng.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [{CE373484-3393-B24C-4116-54883ED3D8B1}] "C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Loamxu\heho.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.3.lnk = C:\Programme\OpenOffice.org 2.3\program\quickstart.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: CardMinder Viewer.lnk = ? O4 - Global Startup: In PDF-Datei mit ScanSnap Organizer konvertieren.lnk = ? O4 - Global Startup: ScanSnap Manager.lnk = ? O8 - Extra context menu item: &Google-Suche - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Ins Deutsche übersetzen - res://C:\Programme\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Verweisseiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = local.roofmusic.de O17 - HKLM\Software\..\Telephony: DomainName = local.roofmusic.de O17 - HKLM\System\CCS\Services\Tcpip\..\{0E2FA1F4-8489-439C-B023-FFB10EAFAA5C}: NameServer = 192.168.100.10,192.168.100.100 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = local.roofmusic.de O17 - HKLM\System\CS1\Services\Tcpip\..\{0E2FA1F4-8489-439C-B023-FFB10EAFAA5C}: NameServer = 192.168.100.10,192.168.100.100 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = local.roofmusic.de O17 - HKLM\System\CS2\Services\Tcpip\..\{0E2FA1F4-8489-439C-B023-FFB10EAFAA5C}: NameServer = 192.168.100.10,192.168.100.100 O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Application Updater - Spigot, Inc. - C:\Programme\Application Updater\ApplicationUpdater.exe O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Programme\Broadcom\ASFIPMon\AsfIpMon.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programme\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Panda Software Controller - Panda Software International - C:\Programme\PANDA SOFTWARE\AVTC\PsCtrlS.exe O23 - Service: Panda AdminSecure Communications Agent (PAVAGENTE) - Panda Software - C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe O23 - Service: Panda AdminSecure Scheduler (PavAtScheduler) - Panda Software - C:\Programme\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe O23 - Service: Panda Function Service (PavFnSvr) - Unknown owner - C:\Programme\PANDA SOFTWARE\AVTC\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda Antivirus Report Service (PavReport) - Panda Software - C:\Programme\Panda Software\Panda Administrator 3\PavReport\PavReport.exe O23 - Service: Panda Antivirus Service (PavSrv) - Panda Software International - C:\Programme\PANDA SOFTWARE\AVTC\PavSrv51.exe O23 - Service: Panda AntiSpam Engine (PMShellSrv) - Panda Software International - C:\Programme\PANDA SOFTWARE\AVTC\PSKMsSvc.exe O23 - Service: Panda Host Service (PSHost) - Unknown owner - C:\Programme\PANDA SOFTWARE\AVTC\PSHost.exe O23 - Service: Panda IManager Service (PsImSvc) - Panda Software International - C:\Programme\PANDA SOFTWARE\AVTC\PsImSvc.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Programme\PANDA SOFTWARE\AVTC\TPSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 14041 bytes |
|
17.08.2010, 12:08
| #2 |
| /// Malwareteam   | Sinowal Trojaner? Browser sehr langsam Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Schritt 1 Poste mit bitte das Log von Malwarebytes und zwar als die Infizierugen gefunden wurden. Schritt 2 Programme deinstallieren Da einige Programme und Anti-Spy-Programme uns u. U. bei der Bereinigung behindern (z. B. durch ständig laufende Hintergrundwächter), unnötig oder schädlich sind oder einfach nicht mehr gebraucht werden, bitte ich darum, die folgenden Programme über Systemsteuerung => Software komplett zu deinstallieren. Code:
ATTFilter Ask Toolbar
Ask.com
pdfforge Toolbar
Schritt 3 Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
Schritt 4 Rootkit-Suche mit Gmer Was sind Rootkits? Wichtig: Bei jedem Rootkit-Scans soll/en:
Lade Dir Gmer von dieser Seite herunter (auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Nun das Logfile in Code-Tags posten. |
|
17.08.2010, 12:28
| #3 |
| | Sinowal Trojaner? Browser sehr langsam Ich danke dir im Vorfeld schonmal für deine Hilfe !!! Hier ist das erste mbam log mit den infizierungen:
__________________Malwarebytes' Anti-Malware 1.46 Malwarebytes Datenbank Version: 4435 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 16.08.2010 13:39:51 mbam-log-2010-08-16 (13-39-51).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 295441 Laufzeit: 10 Minute(n), 22 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 8 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\CLSID\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> Delete on reboot. C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Temp\pdfupd.exe (Trojan.Agent) -> Quarantined and deleted successfully. danach wurde allerdings noch mehr gefunden. Hier noch der zweite log: Malwarebytes' Anti-Malware 1.46 Malwarebytes Datenbank Version: 4435 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 16.08.2010 14:31:29 mbam-log-2010-08-16 (14-31-29).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 119521 Laufzeit: 45 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: C:\Programme\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Delete on reboot. Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Programme\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Programme\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Delete on reboot. C:\Programme\pdfforge Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> Quarantined and deleted successfully. die programme hab ich jetzt auch deinstalliert Code:
ATTFilter OTL logfile created on: 17.08.2010 13:46:31 - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Dokumente und Einstellungen\mlens\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 232,72 Gb Total Space | 134,87 Gb Free Space | 57,95% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive K: | 1032,54 Gb Total Space | 851,92 Gb Free Space | 82,51% Space Free | Partition Type: NTFS Drive N: | 39,07 Gb Total Space | 2,87 Gb Free Space | 7,35% Space Free | Partition Type: NTFS Drive P: | 1032,54 Gb Total Space | 851,92 Gb Free Space | 82,51% Space Free | Partition Type: NTFS Drive R: | 930,24 Gb Total Space | 645,81 Gb Free Space | 69,42% Space Free | Partition Type: NTFS Drive S: | 1032,54 Gb Total Space | 851,92 Gb Free Space | 82,51% Space Free | Partition Type: NTFS Computer Name: WS17 Current User Name: Mlens Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\mlens\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Tobit InfoCenter\DVWIN32.EXE (Tobit.Software) PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.) PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.) PRC - C:\Programme\Panda Software\Panda Administrator 3\PavReport\PavReport.exe (Panda Software) PRC - C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagentwd.exe (Panda Software) PRC - C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe (Panda Software) PRC - C:\Programme\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe (Panda Software) PRC - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\PavPrSrv.exe (Panda Security) PRC - C:\Programme\OpenOffice.org 2.3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 2.3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\Panda Software\AVTC\PSCtrlS.exe (Panda Software International) PRC - C:\Programme\Panda Software\AVTC\pavsrv51.exe (Panda Software International) PRC - C:\Programme\Panda Software\AVTC\PavFnSvr.exe (Panda Software International) PRC - C:\Programme\Panda Software\AVTC\AVENGINE.EXE (Panda Software International) PRC - C:\Programme\Panda Software\AVTC\PSCtrlC.exe (Panda Software International) PRC - C:\Programme\Panda Software\AVTC\TPSrv.exe (Panda Software International) PRC - C:\Programme\Panda Software\AVTC\WebProxy.exe (Panda Software International) PRC - C:\Programme\Panda Software\AVTC\PSHost.exe (Panda Software International) PRC - C:\Programme\Panda Software\AVTC\PSIMSVC.EXE (Panda Software International) PRC - C:\Programme\Panda Software\AVTC\PsImReAl.exe (Panda Software International) PRC - C:\Programme\Panda Software\AVTC\PsImMon.exe (Panda Software International) PRC - C:\Programme\Panda Software\AVTC\Avciman.exe (Panda Software International) PRC - C:\Programme\Panda Software\AVTC\CpIcnMng.exe (Panda Software International) PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Programme\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED) PRC - C:\Programme\Panda Software\AVTC\SrvLoad.exe (Panda Software International) PRC - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.) PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) PRC - C:\Programme\Panda Software\AVTC\pskmssvc.exe (Panda Software International) PRC - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Programme\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\ScanSnap\CardMinder V3.1\CardLauncher.exe (PFU Limited.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) PRC - C:\Programme\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation) PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) PRC - C:\WINDOWS\system32\delttray.exe (Doug Fetter Software Wizardry) PRC - C:\WINDOWS\twain_32\FlatBed\HotKey.Exe (Pmx. Electronics Ltd.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\mlens\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\Programme\Panda Software\AVTC\PavOEpl.dll (Panda Software International) MOD - C:\WINDOWS\system32\PavSHook.dll (Panda Software International) MOD - C:\WINDOWS\system32\TpUtil.dll (Panda Software International) MOD - C:\WINDOWS\system32\SYSTOOLS.dll (Panda Software) MOD - C:\WINDOWS\system32\pavipc.dll (Panda Software International) MOD - C:\WINDOWS\system32\Msvcp71.DLL (Microsoft Corporation) MOD - C:\WINDOWS\system32\MSVCR71.DLL (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.) SRV - (PavReport) -- C:\Programme\Panda Software\Panda Administrator 3\PavReport\PavReport.exe (Panda Software) SRV - (PAVAGENTE) -- C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe (Panda Software) SRV - (PavAtScheduler) -- C:\Programme\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe (Panda Software) SRV - (PavPrSrv) -- C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe (Panda Security) SRV - (Panda Software Controller) -- C:\Programme\PANDA SOFTWARE\AVTC\PsCtrlS.exe (Panda Software International) SRV - (PavSrv) -- C:\Programme\Panda Software\AVTC\pavsrv51.exe (Panda Software International) SRV - (PavFnSvr) -- C:\Programme\Panda Software\AVTC\PavFnSvr.exe (Panda Software International) SRV - (TPSrv) -- C:\Programme\Panda Software\AVTC\TPSrv.exe (Panda Software International) SRV - (PSHost) -- C:\Programme\PANDA SOFTWARE\AVTC\PSHost.exe (Panda Software International) SRV - (PsImSvc) -- C:\Programme\Panda Software\AVTC\PSIMSVC.EXE (Panda Software International) SRV - (Capture Device Service) -- C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.) SRV - (UleadBurningHelper) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) SRV - (PMShellSrv) -- C:\Programme\Panda Software\AVTC\pskmssvc.exe (Panda Software International) SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (IAANTMon) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (ASFIPmon) -- C:\Programme\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WNMFLT) -- C:\WINDOWS\System32\Drivers\WNMFLT.SYS File not found DRV - (viyfbqwu) -- C:\WINDOWS\System32\drivers\pjnk.sys File not found DRV - (vbgdjuk) -- C:\WINDOWS\System32\drivers\dneaewk.sys File not found DRV - (PavTPK.sys) -- C:\WINDOWS\System32\PavTPK.sys File not found DRV - (PavSRK.sys) -- C:\WINDOWS\System32\PavSRK.sys File not found DRV - (AvFlt) -- C:\WINDOWS\System32\drivers\av5flt.sys File not found DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (ShldDrv) -- C:\WINDOWS\system32\drivers\ShlDrv51.sys (Panda Security) DRV - (PavProc) -- C:\WINDOWS\system32\drivers\PavProc.sys (Panda Security) DRV - (IDSFLT) -- C:\WINDOWS\system32\drivers\idsflt.sys (Panda Software International) DRV - (NpaFlt) -- C:\WINDOWS\system32\drivers\npaflt.sys (Panda Software) DRV - (pavdrv) -- C:\WINDOWS\system32\drivers\pavdrv51.sys (Panda Software International) DRV - (SMSFLT) -- C:\WINDOWS\system32\drivers\smsflt.sys (Panda Software International) DRV - (NETFLTDI) -- C:\WINDOWS\system32\drivers\NETFLTDI.SYS (Panda Software) DRV - (FNETMON) -- C:\WINDOWS\system32\drivers\fnetmon.sys (Panda Software) DRV - (DSAFLT) -- C:\WINDOWS\system32\drivers\dsaflt.sys (Panda Software International) DRV - (APPFLT) -- C:\WINDOWS\system32\drivers\APPFLT.SYS (Panda Software) DRV - (NETIMFLT) -- C:\WINDOWS\system32\drivers\netimflt.sys (Panda Software) DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions) DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions) DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions) DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions) DRV - (DELTA) Service for Delta Driver (WDM) -- C:\WINDOWS\system32\drivers\delta.sys (Midiman/M-Audio) DRV - (BASFND) -- C:\Programme\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation) DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (Asapi) -- C:\WINDOWS\System32\drivers\asapi.sys (VOB Computersysteme GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=6070405 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=6070405 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=6070405 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de/hws/sb/dell-row-rel/de/side.html?channel=de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=6070405 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=" FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.17 11:23:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.12 12:46:30 | 000,000,000 | ---D | M] [2010.05.17 11:23:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Mozilla\Extensions [2010.05.17 11:23:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Mozilla\Firefox\Profiles\vhg7s429.default\extensions [2010.08.17 13:41:52 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.01.20 12:02:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.20 12:02:16 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.20 12:02:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.20 12:02:16 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.20 12:02:16 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 15:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.) O3 - HKLM\..\Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [CpnIconMng] C:\Programme\Panda Software\AVTC\CpIcnMng.exe (Panda Software International) O4 - HKLM..\Run: [DeltTray] C:\WINDOWS\System32\delttray.exe (Doug Fetter Software Wizardry) O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [EEventManager] C:\Programme\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [HotKey] C:\WINDOWS\twain_32\FlatBed\HotKey.Exe (Pmx. Electronics Ltd.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [Panda Controller Client] C:\Programme\PANDA SOFTWARE\AVTC\PSCtrlC.exe (Panda Software International) O4 - HKLM..\Run: [PfuSsSct.exe] C:\Programme\ScanSnap\PfuSsSct.exe File not found O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UVS11 Preload] C:\Programme\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation) O4 - HKCU..\Run: [{CE373484-3393-B24C-4116-54883ED3D8B1}] C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Loamxu\heho.exe (ecile) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\CardMinder Viewer.lnk = C:\Programme\ScanSnap\CardMinder V3.1\CardLauncher.exe (PFU Limited.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\In PDF-Datei mit ScanSnap Organizer konvertieren.lnk = C:\Programme\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ScanSnap Manager.lnk = C:\Programme\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED) O4 - Startup: C:\Dokumente und Einstellungen\mlens\Startmenü\Programme\Autostart\OpenOffice.org 2.3.lnk = C:\Programme\OpenOffice.org 2.3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\PANDA SOFTWARE\AVTC\pavlsp.dll (Panda Software International) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\PANDA SOFTWARE\AVTC\pavlsp.dll (Panda Software International) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\PANDA SOFTWARE\AVTC\pavlsp.dll (Panda Software International) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Programme\PANDA SOFTWARE\AVTC\pavlsp.dll (Panda Software International) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = local.roofmusic.de O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.08.13 13:54:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{ba582c00-79fc-11df-8104-001aa008a721}\Shell\AutoRun\command - "" = I:\Toshiba\more4you.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.17 13:45:28 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\mlens\Desktop\OTL.exe [2010.08.17 13:40:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2010.08.17 10:57:58 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\mlens\Desktop\HiJackThis204.exe [2010.08.16 15:21:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Desktop\Mac_Miller-K.I.D.S.-OnSMASH-2010 [2010.08.16 13:27:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Malwarebytes [2010.08.16 13:26:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.08.16 13:26:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.08.16 13:26:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.16 13:26:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.08.16 13:26:15 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\mlens\Desktop\mbam-setup-1.46.exe [2010.08.13 11:53:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\Ulead VideoStudio [2010.08.03 17:01:39 | 000,000,000 | ---D | C] -- C:\Programme\DSPXMedia [2010.08.03 17:01:38 | 000,000,000 | ---D | C] -- C:\Programme\Macaw [2010.08.03 10:21:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Sun [2010.08.02 15:47:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\Ahead [2010.08.02 15:25:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IoSubSys [2010.08.02 15:17:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\InterVideo [2010.08.02 15:17:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\InterVideo [2010.08.02 14:50:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\WINDOWS [2010.08.02 10:01:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Desktop\Köb [2010.07.23 17:22:35 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll [2010.07.23 17:22:35 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chsbrkr.dll [2010.07.23 17:22:35 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll [2010.07.23 17:22:35 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chtbrkr.dll [2010.07.23 17:22:34 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.lex [2010.07.23 17:22:34 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex [2010.07.23 17:22:34 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\korwbrkr.dll [2010.07.23 17:22:34 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll [2010.07.23 17:22:33 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.dll [2010.07.23 17:22:33 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll [2010.07.23 17:22:30 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll [2010.07.23 17:22:26 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll [2010.07.23 17:22:26 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101a.dll [2010.07.23 17:22:26 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll [2010.07.23 17:22:25 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll [2010.07.23 17:22:25 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe [2010.07.23 17:22:25 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe [2010.07.23 17:22:25 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll [2010.07.23 17:22:22 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll [2010.07.23 17:22:21 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll [2010.07.23 17:22:21 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe [2010.07.23 17:22:21 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll [2010.07.23 17:22:21 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll [2010.07.23 17:22:21 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll [2010.07.23 17:22:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecAT.dll [2010.07.23 17:22:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll [2010.07.23 17:22:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecNT.dll [2010.07.23 17:22:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll [2010.07.23 17:22:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec95.dll [2010.07.23 17:22:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll [2010.07.23 17:22:15 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe [2010.07.23 17:22:15 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe [2010.07.23 17:22:12 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll [2010.07.23 17:22:12 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_is2022.dll [2010.07.23 17:22:03 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll [2010.07.23 17:22:03 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll [2010.07.23 17:22:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll [2010.07.23 17:22:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll [2010.07.23 17:22:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll [2010.07.23 17:22:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll [2010.07.23 17:22:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll [2010.07.23 17:22:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll [2010.07.23 17:21:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll [2010.07.23 17:21:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll [2010.07.23 17:21:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll [2010.07.23 17:21:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll [2010.07.23 17:06:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\vlc [2010.07.23 17:05:09 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN [2010.07.23 13:27:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Sonic [2010.07.23 13:27:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Leadertech [2010.07.21 12:18:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\iZotope [2010.07.21 12:14:12 | 000,000,000 | ---D | C] -- C:\Programme\iZotope [2010.07.20 02:20:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Loamxu [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.17 13:45:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\mlens\Desktop\OTL.exe [2010.08.17 13:36:07 | 004,456,448 | -H-- | M] () -- C:\Dokumente und Einstellungen\mlens\NTUSER.DAT [2010.08.17 13:28:29 | 000,118,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck [2010.08.17 13:28:29 | 000,118,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls [2010.08.17 13:28:29 | 000,076,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck [2010.08.17 13:28:29 | 000,076,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT [2010.08.17 13:28:29 | 000,001,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck [2010.08.17 13:28:29 | 000,001,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG [2010.08.17 13:28:29 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck [2010.08.17 13:28:29 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg [2010.08.17 13:28:29 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck [2010.08.17 13:28:29 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg [2010.08.17 13:28:29 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\SmsFlt.cfg.bck [2010.08.17 13:28:29 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\SmsFlt.cfg [2010.08.17 13:28:29 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck [2010.08.17 13:28:29 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg [2010.08.17 11:16:14 | 000,000,680 | ---- | M] () -- C:\WINDOWS\tobit.ini [2010.08.17 11:05:55 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\mlens\Desktop\HiJackThis204.exe [2010.08.17 10:15:54 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck [2010.08.17 10:15:54 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt [2010.08.17 10:15:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.17 10:15:39 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010.08.17 10:15:36 | 000,062,375 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml [2010.08.17 10:15:33 | 000,000,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAV.alt.bck [2010.08.17 10:15:33 | 000,000,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAV.alt [2010.08.17 10:15:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.17 10:15:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.17 10:15:18 | 2145,021,952 | -HS- | M] () -- C:\hiberfil.sys [2010.08.16 13:26:21 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\mlens\Desktop\mbam-setup-1.46.exe [2010.08.13 13:09:00 | 000,009,216 | ---- | M] () -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.13 12:39:59 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.08.02 15:45:45 | 000,001,749 | ---- | M] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\woanders ist auch weihnachten.cue [2010.08.02 15:30:17 | 000,001,772 | ---- | M] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\Unbekannter Titel.cue [2010.07.26 12:05:59 | 000,017,408 | ---- | M] () -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2010.07.26 09:28:37 | 000,253,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.07.23 18:12:56 | 000,002,615 | ---- | M] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\MeinProjekt.sonic [2010.07.23 17:05:42 | 000,000,691 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.16 14:14:19 | 000,015,735 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\hs_err_pid2448.log [2010.08.03 17:01:39 | 000,007,168 | ---- | C] () -- C:\WINDOWS\libDSPXUtils.dll [2010.08.02 15:45:45 | 000,001,749 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\woanders ist auch weihnachten.cue [2010.08.02 15:30:17 | 000,001,772 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\Unbekannter Titel.cue [2010.07.23 18:12:56 | 000,002,615 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\MeinProjekt.sonic [2010.07.23 17:22:34 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex [2010.07.23 17:22:34 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex [2010.07.23 17:22:34 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn [2010.07.23 17:22:34 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor [2010.07.23 17:22:29 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl [2010.07.23 17:22:29 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab [2010.07.23 17:22:29 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl [2010.07.23 17:22:29 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl [2010.07.23 17:22:29 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab [2010.07.23 17:22:29 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl [2010.07.23 17:22:28 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls [2010.07.23 17:22:28 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls [2010.07.23 17:22:28 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl [2010.07.23 17:22:28 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls [2010.07.23 17:22:28 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls [2010.07.23 17:22:28 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls [2010.07.23 17:22:28 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls [2010.07.23 17:22:28 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl [2010.07.23 17:22:28 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl [2010.07.23 17:22:28 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl [2010.07.23 17:22:28 | 000,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP [2010.07.23 17:22:28 | 000,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP [2010.07.23 17:22:28 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl [2010.07.23 17:22:28 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl [2010.07.23 17:22:28 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl [2010.07.23 17:22:28 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl [2010.07.23 17:22:28 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl [2010.07.23 17:22:26 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB [2010.07.23 17:22:26 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB [2010.07.23 17:22:26 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB [2010.07.23 17:22:26 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls [2010.07.23 17:22:26 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls [2010.07.23 17:22:26 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls [2010.07.23 17:22:26 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls [2010.07.23 17:22:26 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls [2010.07.23 17:22:26 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls [2010.07.23 17:22:25 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex [2010.07.23 17:22:25 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex [2010.07.23 17:22:22 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls [2010.07.23 17:22:22 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls [2010.07.23 17:22:22 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls [2010.07.23 17:22:22 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls [2010.07.23 17:22:22 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls [2010.07.23 17:22:22 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls [2010.07.23 17:22:12 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls [2010.07.23 17:22:12 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls [2010.07.23 17:22:12 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls [2010.07.23 17:22:12 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls [2010.07.23 17:22:12 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls [2010.07.23 17:22:12 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls [2010.07.23 17:22:12 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls [2010.07.23 17:22:12 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls [2010.07.23 17:22:12 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls [2010.07.23 17:22:12 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls [2010.07.23 17:22:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls [2010.07.23 17:22:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls [2010.07.23 17:22:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls [2010.07.23 17:22:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls [2010.07.23 17:22:12 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls [2010.07.23 17:22:12 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls [2010.07.23 17:05:42 | 000,000,691 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk [2010.07.23 16:59:22 | 000,009,216 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.16 12:39:20 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2010.06.08 10:32:26 | 000,000,021 | ---- | C] () -- C:\WINDOWS\System32\pavversion.ini [2010.05.31 14:35:22 | 000,000,076 | ---- | C] () -- C:\WINDOWS\dvwin32.INI [2010.05.17 10:18:14 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2010.05.07 12:13:20 | 000,114,688 | ---- | C] () -- C:\WINDOWS\DVGRF.DLL [2010.05.07 12:13:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\IMGMSGMO.dll [2010.05.07 12:12:46 | 000,000,023 | ---- | C] () -- C:\WINDOWS\AVFD.INI [2010.05.07 12:12:43 | 006,502,912 | ---- | C] () -- C:\WINDOWS\TOBITCLT.DLL [2010.05.07 12:12:26 | 000,000,680 | ---- | C] () -- C:\WINDOWS\tobit.ini [2009.05.07 13:13:02 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2009.05.04 14:25:33 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008.11.19 16:24:54 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI [2008.11.19 15:49:18 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2008.11.19 15:48:02 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE V500DEFGIPSRUk.ini [2008.10.08 10:37:16 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.05.27 11:03:51 | 000,000,161 | ---- | C] () -- C:\WINDOWS\DISPARAM.INI [2008.05.23 12:35:36 | 000,000,307 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2007.10.31 10:37:46 | 000,000,020 | ---- | C] () -- C:\WINDOWS\AVTC.ini [2007.10.25 16:18:47 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5o.DLL [2007.10.25 15:46:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2007.08.01 11:06:05 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2007.08.01 11:06:05 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2007.08.01 11:06:05 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2007.08.01 11:06:05 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2007.08.01 11:06:04 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2007.08.01 11:06:04 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2007.04.27 11:26:16 | 000,000,022 | ---- | C] () -- C:\WINDOWS\LoadConfig.ini [2007.04.27 11:23:44 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\libxml2.dll [2007.04.05 23:27:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2007.04.05 23:25:44 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini [2007.04.05 23:07:05 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2007.04.05 23:06:01 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005.11.10 02:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004.08.13 14:04:30 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004.08.13 13:51:43 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004.08.13 13:40:54 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll [2004.08.13 13:40:54 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll [2004.08.13 13:40:54 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll [2004.08.13 13:40:54 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll [2004.08.13 13:40:54 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll [2000.08.29 14:40:10 | 000,006,137 | ---- | C] () -- C:\WINDOWS\System32\E1.ini ========== LOP Check ========== [2007.11.30 15:47:23 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2010.02.16 18:01:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEGV [2009.12.24 15:30:49 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan [2007.08.01 11:06:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InterVideo [2008.02.21 10:34:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sentinel [2007.08.01 11:06:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc [2007.08.01 11:18:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2010.08.17 13:44:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Aseq [2010.07.06 10:16:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Canon [2010.05.17 10:18:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\EPSON [2010.08.02 15:17:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\InterVideo [2010.07.23 12:13:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\iZotope [2010.07.23 13:27:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Leadertech [2010.07.20 02:20:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Loamxu [2010.05.17 10:19:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\PFU [2010.05.17 10:19:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Tobit [2010.08.13 13:42:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Ulead Systems ========== Purity Check ========== < End of report > UND: Code:
ATTFilter OTL logfile created on: 17.08.2010 13:46:31 - Run 1 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Dokumente und Einstellungen\mlens\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 232,72 Gb Total Space | 134,87 Gb Free Space | 57,95% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive K: | 1032,54 Gb Total Space | 851,92 Gb Free Space | 82,51% Space Free | Partition Type: NTFS Drive N: | 39,07 Gb Total Space | 2,87 Gb Free Space | 7,35% Space Free | Partition Type: NTFS Drive P: | 1032,54 Gb Total Space | 851,92 Gb Free Space | 82,51% Space Free | Partition Type: NTFS Drive R: | 930,24 Gb Total Space | 645,81 Gb Free Space | 69,42% Space Free | Partition Type: NTFS Drive S: | 1032,54 Gb Total Space | 851,92 Gb Free Space | 82,51% Space Free | Partition Type: NTFS Computer Name: WS17 Current User Name: Mlens Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\mlens\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Tobit InfoCenter\DVWIN32.EXE (Tobit.Software) PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.) PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.) PRC - C:\Programme\Panda Software\Panda Administrator 3\PavReport\PavReport.exe (Panda Software) PRC - C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagentwd.exe (Panda Software) PRC - C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe (Panda Software) PRC - C:\Programme\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe (Panda Software) PRC - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\PavPrSrv.exe (Panda Security) PRC - C:\Programme\OpenOffice.org 2.3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 2.3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\Panda Software\AVTC\PSCtrlS.exe (Panda Software International) PRC - C:\Programme\Panda Software\AVTC\pavsrv51.exe (Panda Software International) PRC - C:\Programme\Panda Software\AVTC\PavFnSvr.exe (Panda Software International) PRC - C:\Programme\Panda Software\AVTC\AVENGINE.EXE (Panda Software International) PRC - C:\Programme\Panda Software\AVTC\PSCtrlC.exe (Panda Software International) PRC - C:\Programme\Panda Software\AVTC\TPSrv.exe (Panda Software International) PRC - C:\Programme\Panda Software\AVTC\WebProxy.exe (Panda Software International) PRC - C:\Programme\Panda Software\AVTC\PSHost.exe (Panda Software International) PRC - C:\Programme\Panda Software\AVTC\PSIMSVC.EXE (Panda Software International) PRC - C:\Programme\Panda Software\AVTC\PsImReAl.exe (Panda Software International) PRC - C:\Programme\Panda Software\AVTC\PsImMon.exe (Panda Software International) PRC - C:\Programme\Panda Software\AVTC\Avciman.exe (Panda Software International) PRC - C:\Programme\Panda Software\AVTC\CpIcnMng.exe (Panda Software International) PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Programme\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED) PRC - C:\Programme\Panda Software\AVTC\SrvLoad.exe (Panda Software International) PRC - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.) PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) PRC - C:\Programme\Panda Software\AVTC\pskmssvc.exe (Panda Software International) PRC - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Programme\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\ScanSnap\CardMinder V3.1\CardLauncher.exe (PFU Limited.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) PRC - C:\Programme\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation) PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) PRC - C:\WINDOWS\system32\delttray.exe (Doug Fetter Software Wizardry) PRC - C:\WINDOWS\twain_32\FlatBed\HotKey.Exe (Pmx. Electronics Ltd.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\mlens\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\Programme\Panda Software\AVTC\PavOEpl.dll (Panda Software International) MOD - C:\WINDOWS\system32\PavSHook.dll (Panda Software International) MOD - C:\WINDOWS\system32\TpUtil.dll (Panda Software International) MOD - C:\WINDOWS\system32\SYSTOOLS.dll (Panda Software) MOD - C:\WINDOWS\system32\pavipc.dll (Panda Software International) MOD - C:\WINDOWS\system32\Msvcp71.DLL (Microsoft Corporation) MOD - C:\WINDOWS\system32\MSVCR71.DLL (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.) SRV - (PavReport) -- C:\Programme\Panda Software\Panda Administrator 3\PavReport\PavReport.exe (Panda Software) SRV - (PAVAGENTE) -- C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe (Panda Software) SRV - (PavAtScheduler) -- C:\Programme\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe (Panda Software) SRV - (PavPrSrv) -- C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe (Panda Security) SRV - (Panda Software Controller) -- C:\Programme\PANDA SOFTWARE\AVTC\PsCtrlS.exe (Panda Software International) SRV - (PavSrv) -- C:\Programme\Panda Software\AVTC\pavsrv51.exe (Panda Software International) SRV - (PavFnSvr) -- C:\Programme\Panda Software\AVTC\PavFnSvr.exe (Panda Software International) SRV - (TPSrv) -- C:\Programme\Panda Software\AVTC\TPSrv.exe (Panda Software International) SRV - (PSHost) -- C:\Programme\PANDA SOFTWARE\AVTC\PSHost.exe (Panda Software International) SRV - (PsImSvc) -- C:\Programme\Panda Software\AVTC\PSIMSVC.EXE (Panda Software International) SRV - (Capture Device Service) -- C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.) SRV - (UleadBurningHelper) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) SRV - (PMShellSrv) -- C:\Programme\Panda Software\AVTC\pskmssvc.exe (Panda Software International) SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (IAANTMon) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (ASFIPmon) -- C:\Programme\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WNMFLT) -- C:\WINDOWS\System32\Drivers\WNMFLT.SYS File not found DRV - (viyfbqwu) -- C:\WINDOWS\System32\drivers\pjnk.sys File not found DRV - (vbgdjuk) -- C:\WINDOWS\System32\drivers\dneaewk.sys File not found DRV - (PavTPK.sys) -- C:\WINDOWS\System32\PavTPK.sys File not found DRV - (PavSRK.sys) -- C:\WINDOWS\System32\PavSRK.sys File not found DRV - (AvFlt) -- C:\WINDOWS\System32\drivers\av5flt.sys File not found DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (ShldDrv) -- C:\WINDOWS\system32\drivers\ShlDrv51.sys (Panda Security) DRV - (PavProc) -- C:\WINDOWS\system32\drivers\PavProc.sys (Panda Security) DRV - (IDSFLT) -- C:\WINDOWS\system32\drivers\idsflt.sys (Panda Software International) DRV - (NpaFlt) -- C:\WINDOWS\system32\drivers\npaflt.sys (Panda Software) DRV - (pavdrv) -- C:\WINDOWS\system32\drivers\pavdrv51.sys (Panda Software International) DRV - (SMSFLT) -- C:\WINDOWS\system32\drivers\smsflt.sys (Panda Software International) DRV - (NETFLTDI) -- C:\WINDOWS\system32\drivers\NETFLTDI.SYS (Panda Software) DRV - (FNETMON) -- C:\WINDOWS\system32\drivers\fnetmon.sys (Panda Software) DRV - (DSAFLT) -- C:\WINDOWS\system32\drivers\dsaflt.sys (Panda Software International) DRV - (APPFLT) -- C:\WINDOWS\system32\drivers\APPFLT.SYS (Panda Software) DRV - (NETIMFLT) -- C:\WINDOWS\system32\drivers\netimflt.sys (Panda Software) DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions) DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions) DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions) DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions) DRV - (DELTA) Service for Delta Driver (WDM) -- C:\WINDOWS\system32\drivers\delta.sys (Midiman/M-Audio) DRV - (BASFND) -- C:\Programme\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation) DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (Asapi) -- C:\WINDOWS\System32\drivers\asapi.sys (VOB Computersysteme GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=6070405 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=6070405 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=6070405 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de/hws/sb/dell-row-rel/de/side.html?channel=de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=6070405 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=" FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.17 11:23:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.12 12:46:30 | 000,000,000 | ---D | M] [2010.05.17 11:23:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Mozilla\Extensions [2010.05.17 11:23:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Mozilla\Firefox\Profiles\vhg7s429.default\extensions [2010.08.17 13:41:52 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.01.20 12:02:16 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.20 12:02:16 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.20 12:02:16 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.20 12:02:16 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.20 12:02:16 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 15:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.) O3 - HKLM\..\Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [CpnIconMng] C:\Programme\Panda Software\AVTC\CpIcnMng.exe (Panda Software International) O4 - HKLM..\Run: [DeltTray] C:\WINDOWS\System32\delttray.exe (Doug Fetter Software Wizardry) O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [EEventManager] C:\Programme\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [HotKey] C:\WINDOWS\twain_32\FlatBed\HotKey.Exe (Pmx. Electronics Ltd.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [Panda Controller Client] C:\Programme\PANDA SOFTWARE\AVTC\PSCtrlC.exe (Panda Software International) O4 - HKLM..\Run: [PfuSsSct.exe] C:\Programme\ScanSnap\PfuSsSct.exe File not found O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UVS11 Preload] C:\Programme\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation) O4 - HKCU..\Run: [{CE373484-3393-B24C-4116-54883ED3D8B1}] C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Loamxu\heho.exe (ecile) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\CardMinder Viewer.lnk = C:\Programme\ScanSnap\CardMinder V3.1\CardLauncher.exe (PFU Limited.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\In PDF-Datei mit ScanSnap Organizer konvertieren.lnk = C:\Programme\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ScanSnap Manager.lnk = C:\Programme\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED) O4 - Startup: C:\Dokumente und Einstellungen\mlens\Startmenü\Programme\Autostart\OpenOffice.org 2.3.lnk = C:\Programme\OpenOffice.org 2.3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\PANDA SOFTWARE\AVTC\pavlsp.dll (Panda Software International) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\PANDA SOFTWARE\AVTC\pavlsp.dll (Panda Software International) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\PANDA SOFTWARE\AVTC\pavlsp.dll (Panda Software International) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Programme\PANDA SOFTWARE\AVTC\pavlsp.dll (Panda Software International) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = local.roofmusic.de O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.08.13 13:54:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{ba582c00-79fc-11df-8104-001aa008a721}\Shell\AutoRun\command - "" = I:\Toshiba\more4you.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.17 13:45:28 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\mlens\Desktop\OTL.exe [2010.08.17 13:40:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2010.08.17 10:57:58 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\mlens\Desktop\HiJackThis204.exe [2010.08.16 15:21:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Desktop\Mac_Miller-K.I.D.S.-OnSMASH-2010 [2010.08.16 13:27:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Malwarebytes [2010.08.16 13:26:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.08.16 13:26:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.08.16 13:26:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.16 13:26:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.08.16 13:26:15 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\mlens\Desktop\mbam-setup-1.46.exe [2010.08.13 11:53:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\Ulead VideoStudio [2010.08.03 17:01:39 | 000,000,000 | ---D | C] -- C:\Programme\DSPXMedia [2010.08.03 17:01:38 | 000,000,000 | ---D | C] -- C:\Programme\Macaw [2010.08.03 10:21:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Sun [2010.08.02 15:47:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\Ahead [2010.08.02 15:25:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IoSubSys [2010.08.02 15:17:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\InterVideo [2010.08.02 15:17:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\InterVideo [2010.08.02 14:50:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\WINDOWS [2010.08.02 10:01:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Desktop\Köb [2010.07.23 17:22:35 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll [2010.07.23 17:22:35 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chsbrkr.dll [2010.07.23 17:22:35 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll [2010.07.23 17:22:35 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chtbrkr.dll [2010.07.23 17:22:34 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.lex [2010.07.23 17:22:34 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex [2010.07.23 17:22:34 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\korwbrkr.dll [2010.07.23 17:22:34 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll [2010.07.23 17:22:33 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.dll [2010.07.23 17:22:33 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll [2010.07.23 17:22:30 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll [2010.07.23 17:22:26 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll [2010.07.23 17:22:26 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101a.dll [2010.07.23 17:22:26 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll [2010.07.23 17:22:25 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll [2010.07.23 17:22:25 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe [2010.07.23 17:22:25 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe [2010.07.23 17:22:25 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll [2010.07.23 17:22:22 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll [2010.07.23 17:22:21 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll [2010.07.23 17:22:21 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe [2010.07.23 17:22:21 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll [2010.07.23 17:22:21 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll [2010.07.23 17:22:21 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll [2010.07.23 17:22:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecAT.dll [2010.07.23 17:22:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll [2010.07.23 17:22:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecNT.dll [2010.07.23 17:22:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll [2010.07.23 17:22:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec95.dll [2010.07.23 17:22:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll [2010.07.23 17:22:15 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe [2010.07.23 17:22:15 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe [2010.07.23 17:22:12 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll [2010.07.23 17:22:12 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_is2022.dll [2010.07.23 17:22:03 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll [2010.07.23 17:22:03 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll [2010.07.23 17:22:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll [2010.07.23 17:22:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll [2010.07.23 17:22:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll [2010.07.23 17:22:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll [2010.07.23 17:22:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll [2010.07.23 17:22:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll [2010.07.23 17:21:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll [2010.07.23 17:21:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll [2010.07.23 17:21:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll [2010.07.23 17:21:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll [2010.07.23 17:06:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\vlc [2010.07.23 17:05:09 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN [2010.07.23 13:27:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Sonic [2010.07.23 13:27:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Leadertech [2010.07.21 12:18:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\iZotope [2010.07.21 12:14:12 | 000,000,000 | ---D | C] -- C:\Programme\iZotope [2010.07.20 02:20:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Loamxu [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.17 13:45:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\mlens\Desktop\OTL.exe [2010.08.17 13:36:07 | 004,456,448 | -H-- | M] () -- C:\Dokumente und Einstellungen\mlens\NTUSER.DAT [2010.08.17 13:28:29 | 000,118,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck [2010.08.17 13:28:29 | 000,118,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls [2010.08.17 13:28:29 | 000,076,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck [2010.08.17 13:28:29 | 000,076,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT [2010.08.17 13:28:29 | 000,001,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck [2010.08.17 13:28:29 | 000,001,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG [2010.08.17 13:28:29 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck [2010.08.17 13:28:29 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg [2010.08.17 13:28:29 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck [2010.08.17 13:28:29 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg [2010.08.17 13:28:29 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\SmsFlt.cfg.bck [2010.08.17 13:28:29 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\SmsFlt.cfg [2010.08.17 13:28:29 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck [2010.08.17 13:28:29 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg [2010.08.17 11:16:14 | 000,000,680 | ---- | M] () -- C:\WINDOWS\tobit.ini [2010.08.17 11:05:55 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\mlens\Desktop\HiJackThis204.exe [2010.08.17 10:15:54 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck [2010.08.17 10:15:54 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt [2010.08.17 10:15:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.17 10:15:39 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010.08.17 10:15:36 | 000,062,375 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml [2010.08.17 10:15:33 | 000,000,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAV.alt.bck [2010.08.17 10:15:33 | 000,000,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAV.alt [2010.08.17 10:15:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.17 10:15:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.17 10:15:18 | 2145,021,952 | -HS- | M] () -- C:\hiberfil.sys [2010.08.16 13:26:21 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\mlens\Desktop\mbam-setup-1.46.exe [2010.08.13 13:09:00 | 000,009,216 | ---- | M] () -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.13 12:39:59 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.08.02 15:45:45 | 000,001,749 | ---- | M] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\woanders ist auch weihnachten.cue [2010.08.02 15:30:17 | 000,001,772 | ---- | M] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\Unbekannter Titel.cue [2010.07.26 12:05:59 | 000,017,408 | ---- | M] () -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2010.07.26 09:28:37 | 000,253,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.07.23 18:12:56 | 000,002,615 | ---- | M] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\MeinProjekt.sonic [2010.07.23 17:05:42 | 000,000,691 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.16 14:14:19 | 000,015,735 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\hs_err_pid2448.log [2010.08.03 17:01:39 | 000,007,168 | ---- | C] () -- C:\WINDOWS\libDSPXUtils.dll [2010.08.02 15:45:45 | 000,001,749 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\woanders ist auch weihnachten.cue [2010.08.02 15:30:17 | 000,001,772 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\Unbekannter Titel.cue [2010.07.23 18:12:56 | 000,002,615 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\MeinProjekt.sonic [2010.07.23 17:22:34 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex [2010.07.23 17:22:34 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex [2010.07.23 17:22:34 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn [2010.07.23 17:22:34 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor [2010.07.23 17:22:29 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl [2010.07.23 17:22:29 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab [2010.07.23 17:22:29 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl [2010.07.23 17:22:29 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl [2010.07.23 17:22:29 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab [2010.07.23 17:22:29 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl [2010.07.23 17:22:28 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls [2010.07.23 17:22:28 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls [2010.07.23 17:22:28 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl [2010.07.23 17:22:28 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls [2010.07.23 17:22:28 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls [2010.07.23 17:22:28 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls [2010.07.23 17:22:28 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls [2010.07.23 17:22:28 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl [2010.07.23 17:22:28 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl [2010.07.23 17:22:28 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl [2010.07.23 17:22:28 | 000,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP [2010.07.23 17:22:28 | 000,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP [2010.07.23 17:22:28 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl [2010.07.23 17:22:28 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl [2010.07.23 17:22:28 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl [2010.07.23 17:22:28 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl [2010.07.23 17:22:28 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl [2010.07.23 17:22:26 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB [2010.07.23 17:22:26 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB [2010.07.23 17:22:26 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB [2010.07.23 17:22:26 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls [2010.07.23 17:22:26 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls [2010.07.23 17:22:26 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls [2010.07.23 17:22:26 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls [2010.07.23 17:22:26 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls [2010.07.23 17:22:26 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls [2010.07.23 17:22:25 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex [2010.07.23 17:22:25 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex [2010.07.23 17:22:22 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls [2010.07.23 17:22:22 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls [2010.07.23 17:22:22 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls [2010.07.23 17:22:22 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls [2010.07.23 17:22:22 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls [2010.07.23 17:22:22 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls [2010.07.23 17:22:12 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls [2010.07.23 17:22:12 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls [2010.07.23 17:22:12 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls [2010.07.23 17:22:12 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls [2010.07.23 17:22:12 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls [2010.07.23 17:22:12 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls [2010.07.23 17:22:12 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls [2010.07.23 17:22:12 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls [2010.07.23 17:22:12 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls [2010.07.23 17:22:12 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls [2010.07.23 17:22:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls [2010.07.23 17:22:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls [2010.07.23 17:22:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls [2010.07.23 17:22:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls [2010.07.23 17:22:12 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls [2010.07.23 17:22:12 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls [2010.07.23 17:05:42 | 000,000,691 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk [2010.07.23 16:59:22 | 000,009,216 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.16 12:39:20 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2010.06.08 10:32:26 | 000,000,021 | ---- | C] () -- C:\WINDOWS\System32\pavversion.ini [2010.05.31 14:35:22 | 000,000,076 | ---- | C] () -- C:\WINDOWS\dvwin32.INI [2010.05.17 10:18:14 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2010.05.07 12:13:20 | 000,114,688 | ---- | C] () -- C:\WINDOWS\DVGRF.DLL [2010.05.07 12:13:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\IMGMSGMO.dll [2010.05.07 12:12:46 | 000,000,023 | ---- | C] () -- C:\WINDOWS\AVFD.INI [2010.05.07 12:12:43 | 006,502,912 | ---- | C] () -- C:\WINDOWS\TOBITCLT.DLL [2010.05.07 12:12:26 | 000,000,680 | ---- | C] () -- C:\WINDOWS\tobit.ini [2009.05.07 13:13:02 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2009.05.04 14:25:33 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008.11.19 16:24:54 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI [2008.11.19 15:49:18 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2008.11.19 15:48:02 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE V500DEFGIPSRUk.ini [2008.10.08 10:37:16 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.05.27 11:03:51 | 000,000,161 | ---- | C] () -- C:\WINDOWS\DISPARAM.INI [2008.05.23 12:35:36 | 000,000,307 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2007.10.31 10:37:46 | 000,000,020 | ---- | C] () -- C:\WINDOWS\AVTC.ini [2007.10.25 16:18:47 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5o.DLL [2007.10.25 15:46:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2007.08.01 11:06:05 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2007.08.01 11:06:05 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2007.08.01 11:06:05 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2007.08.01 11:06:05 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2007.08.01 11:06:04 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2007.08.01 11:06:04 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2007.04.27 11:26:16 | 000,000,022 | ---- | C] () -- C:\WINDOWS\LoadConfig.ini [2007.04.27 11:23:44 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\libxml2.dll [2007.04.05 23:27:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2007.04.05 23:25:44 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini [2007.04.05 23:07:05 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2007.04.05 23:06:01 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005.11.10 02:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004.08.13 14:04:30 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004.08.13 13:51:43 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004.08.13 13:40:54 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll [2004.08.13 13:40:54 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll [2004.08.13 13:40:54 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll [2004.08.13 13:40:54 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll [2004.08.13 13:40:54 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll [2000.08.29 14:40:10 | 000,006,137 | ---- | C] () -- C:\WINDOWS\System32\E1.ini ========== LOP Check ========== [2007.11.30 15:47:23 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2010.02.16 18:01:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEGV [2009.12.24 15:30:49 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan [2007.08.01 11:06:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InterVideo [2008.02.21 10:34:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sentinel [2007.08.01 11:06:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc [2007.08.01 11:18:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2010.08.17 13:44:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Aseq [2010.07.06 10:16:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Canon [2010.05.17 10:18:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\EPSON [2010.08.02 15:17:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\InterVideo [2010.07.23 12:13:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\iZotope [2010.07.23 13:27:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Leadertech [2010.07.20 02:20:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Loamxu [2010.05.17 10:19:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\PFU [2010.05.17 10:19:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Tobit [2010.08.13 13:42:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Ulead Systems ========== Purity Check ========== < End of report > |
|
17.08.2010, 14:38
| #4 |
| /// Malwareteam | Sinowal Trojaner? Browser sehr langsam Schritt 1 Fixen mit OTL
Code:
ATTFilter :OTL
DRV - (WNMFLT) -- C:\WINDOWS\System32\Drivers\WNMFLT.SYS File not found
DRV - (viyfbqwu) -- C:\WINDOWS\System32\drivers\pjnk.sys File not found
DRV - (vbgdjuk) -- C:\WINDOWS\System32\drivers\dneaewk.sys File not found
DRV - (PavTPK.sys) -- C:\WINDOWS\System32\PavTPK.sys File not found
DRV - (PavSRK.sys) -- C:\WINDOWS\System32\PavSRK.sys File not found
DRV - (AvFlt) -- C:\WINDOWS\System32\drivers\av5flt.sys File not found
O3 - HKLM\..\Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [PfuSsSct.exe] C:\Programme\ScanSnap\PfuSsSct.exe File not found
O4 - HKCU..\Run: [{CE373484-3393-B24C-4116-54883ED3D8B1}] C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Loamxu\heho.exe (ecile)
[2010.07.20 02:20:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Loamxu
:Commands
[purity]
[emptytemp]
Schritt 2 Starte bitte OTL.exe Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button. |
|
17.08.2010, 15:40
| #5 |
| | Sinowal Trojaner? Browser sehr langsam Schritt 1 erledigt. Log: Code:
ATTFilter All processes killed
========== OTL ==========
Error: No service named WNMFLT was found to stop!
Service\Driver key WNMFLT not found.
File C:\WINDOWS\System32\Drivers\WNMFLT.SYS File not found not found.
Service viyfbqwu stopped successfully!
Service viyfbqwu deleted successfully!
File C:\WINDOWS\System32\drivers\pjnk.sys File not found not found.
Service vbgdjuk stopped successfully!
Service vbgdjuk deleted successfully!
File C:\WINDOWS\System32\drivers\dneaewk.sys File not found not found.
Error: No service named PavTPK.sys was found to stop!
Service\Driver key PavTPK.sys not found.
File C:\WINDOWS\System32\PavTPK.sys File not found not found.
Error: No service named PavSRK.sys was found to stop!
Service\Driver key PavSRK.sys not found.
File C:\WINDOWS\System32\PavSRK.sys File not found not found.
Service AvFlt stopped successfully!
Service AvFlt deleted successfully!
File C:\WINDOWS\System32\drivers\av5flt.sys File not found not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{327C2873-E90D-4c37-AA9D-10AC9BABA46C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{327C2873-E90D-4c37-AA9D-10AC9BABA46C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PfuSsSct.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{CE373484-3393-B24C-4116-54883ED3D8B1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE373484-3393-B24C-4116-54883ED3D8B1}\ not found.
C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Loamxu\heho.exe moved successfully.
C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Loamxu folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
User: administrator.LOCAL
->Temp folder emptied: 21951796 bytes
->Temporary Internet Files folder emptied: 7212869 bytes
->FireFox cache emptied: 4474932 bytes
User: ADMINI~1~LOC
User: All Users
User: annam
->Temp folder emptied: 288059 bytes
->Temporary Internet Files folder emptied: 13454935 bytes
->FireFox cache emptied: 104906223 bytes
->Flash cache emptied: 5113 bytes
User: arade
->Temp folder emptied: 715754 bytes
->Temporary Internet Files folder emptied: 285888 bytes
->FireFox cache emptied: 5404005 bytes
->Flash cache emptied: 348 bytes
User: awron
->Temp folder emptied: 2831304 bytes
->Temporary Internet Files folder emptied: 273161 bytes
User: bkowa
->Temp folder emptied: 17384384 bytes
->Temporary Internet Files folder emptied: 256039002 bytes
->Java cache emptied: 15438 bytes
->FireFox cache emptied: 77560754 bytes
->Flash cache emptied: 2963 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
User: dgons
->Temp folder emptied: 1925840 bytes
->Temporary Internet Files folder emptied: 4287992 bytes
->FireFox cache emptied: 2016390 bytes
User: karom
->Temp folder emptied: 249010493 bytes
->Temporary Internet Files folder emptied: 213631900 bytes
->Java cache emptied: 2767463 bytes
->FireFox cache emptied: 108976495 bytes
->Flash cache emptied: 22691 bytes
User: kgoss
->Temp folder emptied: 597340 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 2547925 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 887186 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 2217 bytes
User: mlens
->Temp folder emptied: 308146832 bytes
->Temporary Internet Files folder emptied: 271039721 bytes
->Java cache emptied: 290092 bytes
->FireFox cache emptied: 77401953 bytes
->Flash cache emptied: 5974 bytes
User: mmoen
->Temp folder emptied: 1999289 bytes
->Temporary Internet Files folder emptied: 4028280 bytes
->FireFox cache emptied: 8756706 bytes
->Flash cache emptied: 795 bytes
User: mwelt
->Temp folder emptied: 1198865227 bytes
->Temporary Internet Files folder emptied: 67826662 bytes
->Java cache emptied: 6070 bytes
->FireFox cache emptied: 15072982 bytes
->Flash cache emptied: 2591 bytes
User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 9084377 bytes
->Java cache emptied: 4567 bytes
->Flash cache emptied: 4305 bytes
User: sgrue
->Temp folder emptied: 303658833 bytes
->Temporary Internet Files folder emptied: 125216709 bytes
->Java cache emptied: 2000826 bytes
->FireFox cache emptied: 65727904 bytes
->Flash cache emptied: 1898633 bytes
User: test
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: theim
->Temp folder emptied: 10547120 bytes
->Temporary Internet Files folder emptied: 23254287 bytes
->FireFox cache emptied: 42055442 bytes
->Flash cache emptied: 1641 bytes
User: ukop
->Temp folder emptied: 209887 bytes
->Temporary Internet Files folder emptied: 1375629 bytes
->Java cache emptied: 681359 bytes
->FireFox cache emptied: 62815675 bytes
->Flash cache emptied: 687 bytes
User: yfisc
->Temp folder emptied: 745115 bytes
->Temporary Internet Files folder emptied: 3591724 bytes
->FireFox cache emptied: 14196298 bytes
->Flash cache emptied: 719 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 123446662 bytes
RecycleBin emptied: 113019989 bytes
Total Files Cleaned = 3.773,00 mb
OTL by OldTimer - Version 3.2.10.0 log created on 08172010_163759
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
 |
|
17.08.2010, 15:44
| #6 |
| | Sinowal Trojaner? Browser sehr langsam Hier der Log nach Schritt 2: OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.08.2010 16:49:49 - Run 2 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Dokumente und Einstellungen\mlens\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 232,72 Gb Total Space | 138,45 Gb Free Space | 59,49% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive K: | 1032,54 Gb Total Space | 851,92 Gb Free Space | 82,51% Space Free | Partition Type: NTFS Drive N: | 39,07 Gb Total Space | 2,87 Gb Free Space | 7,35% Space Free | Partition Type: NTFS Drive P: | 1032,54 Gb Total Space | 851,92 Gb Free Space | 82,51% Space Free | Partition Type: NTFS Drive R: | 930,24 Gb Total Space | 645,81 Gb Free Space | 69,42% Space Free | Partition Type: NTFS Drive S: | 1032,54 Gb Total Space | 851,92 Gb Free Space | 82,51% Space Free | Partition Type: NTFS Computer Name: WS17 Current User Name: Mlens Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\mlens\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.) PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.) PRC - C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagentwd.exe (Panda Software) PRC - C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe (Panda Software) PRC - C:\Programme\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe (Panda Software) PRC - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\PavPrSrv.exe (Panda Security) PRC - C:\Programme\OpenOffice.org 2.3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 2.3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\Panda Software\AVTC\PSCtrlC.exe (Panda Software International) PRC - C:\Programme\Panda Software\AVTC\PSIMSVC.EXE (Panda Software International) PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Programme\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED) PRC - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.) PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) PRC - C:\Programme\Panda Software\AVTC\pskmssvc.exe (Panda Software International) PRC - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Programme\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Programme\ScanSnap\CardMinder V3.1\CardLauncher.exe (PFU Limited.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) PRC - C:\Programme\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation) PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) PRC - C:\WINDOWS\system32\delttray.exe (Doug Fetter Software Wizardry) PRC - C:\WINDOWS\twain_32\FlatBed\HotKey.Exe (Pmx. Electronics Ltd.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\mlens\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.) SRV - (PavReport) -- C:\Programme\Panda Software\Panda Administrator 3\PavReport\PavReport.exe (Panda Software) SRV - (PAVAGENTE) -- C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe (Panda Software) SRV - (PavAtScheduler) -- C:\Programme\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe (Panda Software) SRV - (PavPrSrv) -- C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe (Panda Security) SRV - (Panda Software Controller) -- C:\Programme\PANDA SOFTWARE\AVTC\PsCtrlS.exe (Panda Software International) SRV - (PavSrv) -- C:\Programme\Panda Software\AVTC\pavsrv51.exe (Panda Software International) SRV - (PsImSvc) -- C:\Programme\Panda Software\AVTC\PSIMSVC.EXE (Panda Software International) SRV - (Capture Device Service) -- C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.) SRV - (UleadBurningHelper) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) SRV - (PMShellSrv) -- C:\Programme\Panda Software\AVTC\pskmssvc.exe (Panda Software International) SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (IAANTMon) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (ASFIPmon) -- C:\Programme\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (ShldDrv) -- C:\WINDOWS\system32\drivers\ShlDrv51.sys (Panda Security) DRV - (PavProc) -- C:\WINDOWS\system32\drivers\PavProc.sys (Panda Security) DRV - (pavdrv) -- C:\WINDOWS\system32\drivers\pavdrv51.sys (Panda Software International) DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions) DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions) DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions) DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions) DRV - (DELTA) Service for Delta Driver (WDM) -- C:\WINDOWS\system32\drivers\delta.sys (Midiman/M-Audio) DRV - (BASFND) -- C:\Programme\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation) DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (Asapi) -- C:\WINDOWS\System32\drivers\asapi.sys (VOB Computersysteme GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=6070405 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=6070405 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=6070405 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de/hws/sb/dell-row-rel/de/side.html?channel=de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=6070405 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.17 16:06:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.17 16:06:37 | 000,000,000 | ---D | M] [2010.05.17 11:23:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Mozilla\Extensions [2010.05.17 11:23:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Mozilla\Firefox\Profiles\vhg7s429.default\extensions [2010.08.17 13:41:52 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 15:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [DeltTray] C:\WINDOWS\System32\delttray.exe (Doug Fetter Software Wizardry) O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [EEventManager] C:\Programme\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [HotKey] C:\WINDOWS\twain_32\FlatBed\HotKey.Exe (Pmx. Electronics Ltd.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [Panda Controller Client] C:\Programme\PANDA SOFTWARE\AVTC\PSCtrlC.exe (Panda Software International) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UVS11 Preload] C:\Programme\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation) O4 - HKCU..\Run: [{CE373484-3393-B24C-4116-54883ED3D8B1}] C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Loamxu\heho.exe File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\CardMinder Viewer.lnk = C:\Programme\ScanSnap\CardMinder V3.1\CardLauncher.exe (PFU Limited.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\In PDF-Datei mit ScanSnap Organizer konvertieren.lnk = C:\Programme\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ScanSnap Manager.lnk = C:\Programme\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED) O4 - Startup: C:\Dokumente und Einstellungen\mlens\Startmenü\Programme\Autostart\OpenOffice.org 2.3.lnk = C:\Programme\OpenOffice.org 2.3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = local.roofmusic.de O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.08.13 13:54:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{ba582c00-79fc-11df-8104-001aa008a721}\Shell\AutoRun\command - "" = I:\Toshiba\more4you.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.17 16:37:59 | 000,000,000 | ---D | C] -- C:\_OTL [2010.08.17 16:21:01 | 000,292,400 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\PavSHook.dll [2010.08.17 16:21:01 | 000,161,328 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\TpUtil.dll [2010.08.17 16:21:01 | 000,107,568 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\SYSTOOLS.dll [2010.08.17 16:21:01 | 000,063,024 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\pavipc.dll [2010.08.17 16:21:01 | 000,054,712 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\drivers\npaflt.sys [2010.08.17 16:21:01 | 000,050,736 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\avldr.dll [2010.08.17 16:20:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Cisco Systems [2010.08.17 15:23:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Sun [2010.08.17 14:13:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\Cyberlink [2010.08.17 14:13:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\CyberLink [2010.08.17 14:13:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\PowerDVD [2010.08.17 13:45:28 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\mlens\Desktop\OTL.exe [2010.08.17 13:40:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2010.08.17 10:57:58 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\mlens\Desktop\HiJackThis204.exe [2010.08.16 13:27:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Malwarebytes [2010.08.16 13:26:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.08.16 13:26:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.08.16 13:26:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.16 13:26:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.08.16 13:26:15 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\mlens\Desktop\mbam-setup-1.46.exe [2010.08.13 11:53:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\Ulead VideoStudio [2010.08.03 17:01:39 | 000,000,000 | ---D | C] -- C:\Programme\DSPXMedia [2010.08.03 17:01:38 | 000,000,000 | ---D | C] -- C:\Programme\Macaw [2010.08.03 10:21:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Sun [2010.08.02 15:47:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\Ahead [2010.08.02 15:25:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IoSubSys [2010.08.02 15:17:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\InterVideo [2010.08.02 15:17:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\InterVideo [2010.08.02 14:50:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\WINDOWS [2010.08.02 10:01:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Desktop\Köb [2010.07.23 17:22:35 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll [2010.07.23 17:22:35 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chsbrkr.dll [2010.07.23 17:22:35 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll [2010.07.23 17:22:35 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chtbrkr.dll [2010.07.23 17:22:34 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.lex [2010.07.23 17:22:34 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex [2010.07.23 17:22:34 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\korwbrkr.dll [2010.07.23 17:22:34 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll [2010.07.23 17:22:33 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.dll [2010.07.23 17:22:33 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll [2010.07.23 17:22:30 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll [2010.07.23 17:22:26 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll [2010.07.23 17:22:26 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101a.dll [2010.07.23 17:22:26 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll [2010.07.23 17:22:25 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll [2010.07.23 17:22:25 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe [2010.07.23 17:22:25 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe [2010.07.23 17:22:25 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll [2010.07.23 17:22:22 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll [2010.07.23 17:22:21 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll [2010.07.23 17:22:21 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe [2010.07.23 17:22:21 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll [2010.07.23 17:22:21 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll [2010.07.23 17:22:21 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll [2010.07.23 17:22:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecAT.dll [2010.07.23 17:22:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll [2010.07.23 17:22:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecNT.dll [2010.07.23 17:22:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll [2010.07.23 17:22:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec95.dll [2010.07.23 17:22:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll [2010.07.23 17:22:15 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe [2010.07.23 17:22:15 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe [2010.07.23 17:22:12 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll [2010.07.23 17:22:12 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_is2022.dll [2010.07.23 17:22:03 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll [2010.07.23 17:22:03 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll [2010.07.23 17:22:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll [2010.07.23 17:22:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll [2010.07.23 17:22:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll [2010.07.23 17:22:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll [2010.07.23 17:22:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll [2010.07.23 17:22:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll [2010.07.23 17:21:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll [2010.07.23 17:21:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll [2010.07.23 17:21:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll [2010.07.23 17:21:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll [2010.07.23 17:06:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\vlc [2010.07.23 17:05:09 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN [2010.07.23 13:27:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Sonic [2010.07.23 13:27:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Leadertech [2010.07.21 12:18:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\iZotope [2010.07.21 12:14:12 | 000,000,000 | ---D | C] -- C:\Programme\iZotope ========== Files - Modified Within 30 Days ========== [2010.08.17 16:47:27 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010.08.17 16:47:23 | 000,062,375 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml [2010.08.17 16:47:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.17 16:47:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.17 16:47:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.17 16:47:03 | 2145,021,952 | -HS- | M] () -- C:\hiberfil.sys [2010.08.17 16:46:21 | 004,456,448 | -H-- | M] () -- C:\Dokumente und Einstellungen\mlens\NTUSER.DAT [2010.08.17 16:26:20 | 000,000,680 | ---- | M] () -- C:\WINDOWS\tobit.ini [2010.08.17 16:21:25 | 000,038,743 | ---- | M] () -- C:\WINDOWS\LpAVTC.XML [2010.08.17 16:21:25 | 000,000,387 | ---- | M] () -- C:\WINDOWS\LeAVTC.XML [2010.08.17 16:21:25 | 000,000,022 | ---- | M] () -- C:\WINDOWS\LoadConfig.ini [2010.08.17 16:06:39 | 000,001,566 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.08.17 15:27:03 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for [2010.08.17 14:30:03 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\mlens\Desktop\o5cqj91p.exe [2010.08.17 14:16:06 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.08.17 13:45:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\mlens\Desktop\OTL.exe [2010.08.17 11:05:55 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\mlens\Desktop\HiJackThis204.exe [2010.08.16 13:26:21 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\mlens\Desktop\mbam-setup-1.46.exe [2010.08.13 13:09:00 | 000,009,216 | ---- | M] () -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.02 15:45:45 | 000,001,749 | ---- | M] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\woanders ist auch weihnachten.cue [2010.08.02 15:30:17 | 000,001,772 | ---- | M] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\Unbekannter Titel.cue [2010.07.26 12:05:59 | 000,017,408 | ---- | M] () -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2010.07.26 09:28:37 | 000,253,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.07.23 18:12:56 | 000,002,615 | ---- | M] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\MeinProjekt.sonic [2010.07.23 17:05:42 | 000,000,691 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk ========== Files Created - No Company Name ========== [2010.08.17 16:21:01 | 000,000,021 | ---- | C] () -- C:\WINDOWS\System32\pavversion.ini [2010.08.17 15:27:03 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn [2010.08.17 15:27:03 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for [2010.08.17 14:30:03 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Desktop\o5cqj91p.exe [2010.08.16 14:14:19 | 000,015,735 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\hs_err_pid2448.log [2010.08.03 17:01:39 | 000,007,168 | ---- | C] () -- C:\WINDOWS\libDSPXUtils.dll [2010.08.02 15:45:45 | 000,001,749 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\woanders ist auch weihnachten.cue [2010.08.02 15:30:17 | 000,001,772 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\Unbekannter Titel.cue [2010.07.23 18:12:56 | 000,002,615 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\MeinProjekt.sonic [2010.07.23 17:22:34 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex [2010.07.23 17:22:34 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex [2010.07.23 17:22:34 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn [2010.07.23 17:22:34 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor [2010.07.23 17:22:29 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl [2010.07.23 17:22:29 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab [2010.07.23 17:22:29 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl [2010.07.23 17:22:29 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl [2010.07.23 17:22:29 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab [2010.07.23 17:22:29 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl [2010.07.23 17:22:28 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls [2010.07.23 17:22:28 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls [2010.07.23 17:22:28 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl [2010.07.23 17:22:28 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls [2010.07.23 17:22:28 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls [2010.07.23 17:22:28 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls [2010.07.23 17:22:28 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls [2010.07.23 17:22:28 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl [2010.07.23 17:22:28 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl [2010.07.23 17:22:28 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl [2010.07.23 17:22:28 | 000,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP [2010.07.23 17:22:28 | 000,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP [2010.07.23 17:22:28 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl [2010.07.23 17:22:28 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl [2010.07.23 17:22:28 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl [2010.07.23 17:22:28 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl [2010.07.23 17:22:28 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl [2010.07.23 17:22:26 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB [2010.07.23 17:22:26 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB [2010.07.23 17:22:26 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB [2010.07.23 17:22:26 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls [2010.07.23 17:22:26 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls [2010.07.23 17:22:26 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls [2010.07.23 17:22:26 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls [2010.07.23 17:22:26 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls [2010.07.23 17:22:26 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls [2010.07.23 17:22:25 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex [2010.07.23 17:22:25 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex [2010.07.23 17:22:22 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls [2010.07.23 17:22:22 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls [2010.07.23 17:22:22 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls [2010.07.23 17:22:22 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls [2010.07.23 17:22:22 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls [2010.07.23 17:22:22 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls [2010.07.23 17:22:12 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls [2010.07.23 17:22:12 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls [2010.07.23 17:22:12 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls [2010.07.23 17:22:12 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls [2010.07.23 17:22:12 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls [2010.07.23 17:22:12 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls [2010.07.23 17:22:12 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls [2010.07.23 17:22:12 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls [2010.07.23 17:22:12 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls [2010.07.23 17:22:12 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls [2010.07.23 17:22:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls [2010.07.23 17:22:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls [2010.07.23 17:22:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls [2010.07.23 17:22:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls [2010.07.23 17:22:12 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls [2010.07.23 17:22:12 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls [2010.07.23 17:05:42 | 000,000,691 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk [2010.07.23 16:59:22 | 000,009,216 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.16 12:39:20 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2010.05.31 14:35:22 | 000,000,076 | ---- | C] () -- C:\WINDOWS\dvwin32.INI [2010.05.17 10:18:14 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2010.05.07 12:13:20 | 000,114,688 | ---- | C] () -- C:\WINDOWS\DVGRF.DLL [2010.05.07 12:13:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\IMGMSGMO.dll [2010.05.07 12:12:46 | 000,000,023 | ---- | C] () -- C:\WINDOWS\AVFD.INI [2010.05.07 12:12:43 | 006,502,912 | ---- | C] () -- C:\WINDOWS\TOBITCLT.DLL [2010.05.07 12:12:26 | 000,000,680 | ---- | C] () -- C:\WINDOWS\tobit.ini [2009.05.07 13:13:02 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2009.05.04 14:25:33 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008.11.19 16:24:54 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI [2008.11.19 15:49:18 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2008.11.19 15:48:02 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE V500DEFGIPSRUk.ini [2008.10.08 10:37:16 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.05.27 11:03:51 | 000,000,161 | ---- | C] () -- C:\WINDOWS\DISPARAM.INI [2008.05.23 12:35:36 | 000,000,307 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2007.10.25 16:18:47 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5o.DLL [2007.10.25 15:46:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2007.08.01 11:06:05 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2007.08.01 11:06:05 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2007.08.01 11:06:05 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2007.08.01 11:06:05 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2007.08.01 11:06:04 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2007.08.01 11:06:04 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2007.04.27 11:26:16 | 000,000,022 | ---- | C] () -- C:\WINDOWS\LoadConfig.ini [2007.04.27 11:23:44 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\libxml2.dll [2007.04.05 23:27:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2007.04.05 23:25:44 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini [2007.04.05 23:07:05 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2007.04.05 23:06:01 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005.11.10 02:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004.08.13 14:04:30 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004.08.13 13:51:43 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2000.08.29 14:40:10 | 000,006,137 | ---- | C] () -- C:\WINDOWS\System32\E1.ini < End of report > Ich kann übrigens zumindest schonmal sagen das ich meine browser wieder öffnen kann, alles wieder so schnell wie vorher geht und ich sogar mal wieder in meinen googlemailaccount komm...was ich seit 1 1/2 wochen nicht mehr geschafft hab. Danke schonmal dafür !!!! Geändert von Rooq (17.08.2010 um 15:50 Uhr) |
|
17.08.2010, 20:47
| #7 |
| /// Malwareteam | Sinowal Trojaner? Browser sehr langsam Das ist das falsche Log. Ich möchte gerne das Extra.txt Log von OTL sehen. |
|
18.08.2010, 08:47
| #8 |
| | Sinowal Trojaner? Browser sehr langsam Ou entschuldige, da ist mir wohl ein Fehler unterlaufen. Hier jetzt das extra.log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.08.2010 09:51:29 - Run 3 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Dokumente und Einstellungen\mlens\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 232,72 Gb Total Space | 138,39 Gb Free Space | 59,47% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive K: | 1032,54 Gb Total Space | 851,85 Gb Free Space | 82,50% Space Free | Partition Type: NTFS Drive N: | 39,07 Gb Total Space | 2,87 Gb Free Space | 7,35% Space Free | Partition Type: NTFS Drive P: | 1032,54 Gb Total Space | 851,85 Gb Free Space | 82,50% Space Free | Partition Type: NTFS Drive R: | 930,24 Gb Total Space | 645,81 Gb Free Space | 69,42% Space Free | Partition Type: NTFS Drive S: | 1032,54 Gb Total Space | 851,85 Gb Free Space | 82,50% Space Free | Partition Type: NTFS Computer Name: WS17 Current User Name: Mlens Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010.08.17 13:45:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\mlens\Desktop\OTL.exe PRC - [2010.05.03 12:22:10 | 008,659,968 | ---- | M] (Tobit.Software) -- C:\Programme\Tobit InfoCenter\DVWIN32.EXE PRC - [2009.10.10 14:32:18 | 000,305,664 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2009.10.10 14:32:18 | 000,203,264 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2009.09.28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2008.10.15 02:04:34 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.02.22 04:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.6.0_05\bin\jusched.exe PRC - [2007.10.31 15:09:16 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2007.10.19 11:17:38 | 000,058,672 | ---- | M] (Panda Software) -- C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagentwd.exe PRC - [2007.10.19 11:17:35 | 000,431,408 | ---- | M] (Panda Software) -- C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe PRC - [2007.10.19 11:16:25 | 000,193,840 | ---- | M] (Panda Software) -- C:\Programme\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe PRC - [2007.10.16 11:40:26 | 000,041,776 | ---- | M] (Panda Security) -- C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\PavPrSrv.exe PRC - [2007.09.10 21:30:02 | 002,510,848 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.3\program\soffice.bin PRC - [2007.09.10 21:30:00 | 002,359,296 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.3\program\soffice.exe PRC - [2007.07.04 09:48:46 | 000,226,608 | ---- | M] (Panda Software International) -- C:\Programme\Panda Software\AVTC\PSCtrlC.exe PRC - [2007.05.24 10:31:25 | 000,108,592 | ---- | M] (Panda Software International) -- C:\Programme\Panda Software\AVTC\PSIMSVC.EXE PRC - [2007.04.04 03:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE PRC - [2007.03.30 22:14:06 | 001,769,472 | ---- | M] (PFU LIMITED) -- C:\Programme\ScanSnap\Driver\PfuSsMon.exe PRC - [2007.03.06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe PRC - [2007.03.03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2007.01.15 14:42:14 | 000,067,120 | ---- | M] (Panda Software International) -- C:\Programme\Panda Software\AVTC\pskmssvc.exe PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe PRC - [2006.10.12 16:57:08 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\epson\Creativity Suite\Event Manager\EEventManager.exe PRC - [2006.10.09 13:43:18 | 000,036,864 | ---- | M] (PFU Limited.) -- C:\Programme\ScanSnap\CardMinder V3.1\CardLauncher.exe PRC - [2006.04.26 08:39:18 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2006.04.26 08:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2006.03.20 17:34:50 | 000,213,936 | ---- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe PRC - [2006.03.17 18:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\ASFIPMon\AsfIpMon.exe PRC - [2005.09.08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE PRC - [2004.08.26 22:43:06 | 000,056,320 | ---- | M] (Doug Fetter Software Wizardry) -- C:\WINDOWS\system32\delttray.exe PRC - [2003.04.04 09:42:28 | 000,606,208 | ---- | M] (Pmx. Electronics Ltd.) -- C:\WINDOWS\twain_32\FlatBed\HotKey.Exe ========== Modules (SafeList) ========== MOD - [2010.08.17 13:45:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\mlens\Desktop\OTL.exe MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2009.09.28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2007.10.31 15:09:16 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2007.10.19 11:18:30 | 000,759,088 | ---- | M] (Panda Software) [On_Demand | Stopped] -- C:\Programme\Panda Software\Panda Administrator 3\PavReport\PavReport.exe -- (PavReport) SRV - [2007.10.19 11:17:35 | 000,431,408 | ---- | M] (Panda Software) [Auto | Running] -- C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe -- (PAVAGENTE) SRV - [2007.10.19 11:16:25 | 000,193,840 | ---- | M] (Panda Software) [Auto | Running] -- C:\Programme\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe -- (PavAtScheduler) SRV - [2007.10.16 11:40:26 | 000,041,776 | ---- | M] (Panda Security) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe -- (PavPrSrv) SRV - [2007.08.22 14:50:20 | 000,378,672 | ---- | M] (Panda Software International) [Auto | Stopped] -- C:\Programme\PANDA SOFTWARE\AVTC\PsCtrlS.exe -- (Panda Software Controller) SRV - [2007.07.16 15:14:20 | 000,148,272 | ---- | M] (Panda Software International) [Auto | Stopped] -- C:\Programme\Panda Software\AVTC\pavsrv51.exe -- (PavSrv) SRV - [2007.05.24 10:31:25 | 000,108,592 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Programme\Panda Software\AVTC\PSIMSVC.EXE -- (PsImSvc) SRV - [2007.03.06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service) SRV - [2007.03.03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2007.01.15 14:42:14 | 000,067,120 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Programme\Panda Software\AVTC\pskmssvc.exe -- (PMShellSrv) SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006.04.26 08:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMon) Intel(R) SRV - [2006.03.17 18:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon) SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2008.04.13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008.04.13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008.04.13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007.10.17 14:03:53 | 000,039,096 | ---- | M] (Panda Security) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ShlDrv51.sys -- (ShldDrv) DRV - [2007.10.15 13:16:00 | 000,179,384 | ---- | M] (Panda Security) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc) DRV - [2007.06.06 11:43:31 | 000,083,640 | ---- | M] (Panda Software International) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pavdrv51.sys -- (pavdrv) DRV - [2006.10.10 14:03:48 | 000,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor) DRV - [2006.05.01 08:09:32 | 000,152,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2006.03.20 16:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2006.03.12 11:04:00 | 003,520,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2005.09.12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB) DRV - [2005.09.08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2005.09.08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2005.09.08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2005.09.08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2005.09.08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2005.09.08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2005.09.08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN) DRV - [2005.08.25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2005.08.25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N) DRV - [2005.08.12 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM) DRV - [2004.09.10 11:28:46 | 000,291,456 | ---- | M] (Midiman/M-Audio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\delta.sys -- (DELTA) Service for Delta Driver (WDM) DRV - [2003.04.24 16:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Programme\Broadcom\ASFIPMon\BASFND.sys -- (BASFND) DRV - [2002.07.17 08:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32) DRV - [2001.08.18 05:22:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) DRV - [2001.08.17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001.08.17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001.08.17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001.08.17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001.08.17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001.08.17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001.08.17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001.08.17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001.08.17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001.08.17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001.08.17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001.08.17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001.08.17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001.08.17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2000.01.08 09:22:36 | 000,010,240 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=6070405 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=6070405 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=6070405 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de/hws/sb/dell-row-rel/de/side.html?channel=de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=6070405 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.17 16:06:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.17 16:06:37 | 000,000,000 | ---D | M] [2010.05.17 11:23:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Mozilla\Extensions [2010.05.17 11:23:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Mozilla\Firefox\Profiles\vhg7s429.default\extensions [2010.08.17 13:41:52 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 15:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [DeltTray] C:\WINDOWS\System32\delttray.exe (Doug Fetter Software Wizardry) O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [EEventManager] C:\Programme\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [HotKey] C:\WINDOWS\twain_32\FlatBed\HotKey.Exe (Pmx. Electronics Ltd.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [Panda Controller Client] C:\Programme\PANDA SOFTWARE\AVTC\PSCtrlC.exe (Panda Software International) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UVS11 Preload] C:\Programme\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation) O4 - HKCU..\Run: [{CE373484-3393-B24C-4116-54883ED3D8B1}] C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Loamxu\heho.exe File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\CardMinder Viewer.lnk = C:\Programme\ScanSnap\CardMinder V3.1\CardLauncher.exe (PFU Limited.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\In PDF-Datei mit ScanSnap Organizer konvertieren.lnk = C:\Programme\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ScanSnap Manager.lnk = C:\Programme\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED) O4 - Startup: C:\Dokumente und Einstellungen\mlens\Startmenü\Programme\Autostart\OpenOffice.org 2.3.lnk = C:\Programme\OpenOffice.org 2.3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = local.roofmusic.de O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.08.13 13:54:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{ba582c00-79fc-11df-8104-001aa008a721}\Shell\AutoRun\command - "" = I:\Toshiba\more4you.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.17 16:37:59 | 000,000,000 | ---D | C] -- C:\_OTL [2010.08.17 16:21:01 | 000,292,400 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\PavSHook.dll [2010.08.17 16:21:01 | 000,161,328 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\TpUtil.dll [2010.08.17 16:21:01 | 000,107,568 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\SYSTOOLS.dll [2010.08.17 16:21:01 | 000,063,024 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\pavipc.dll [2010.08.17 16:21:01 | 000,054,712 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\drivers\npaflt.sys [2010.08.17 16:21:01 | 000,050,736 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\avldr.dll [2010.08.17 16:20:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Cisco Systems [2010.08.17 15:23:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Sun [2010.08.17 14:13:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\Cyberlink [2010.08.17 14:13:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\CyberLink [2010.08.17 14:13:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\PowerDVD [2010.08.17 13:45:28 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\mlens\Desktop\OTL.exe [2010.08.17 13:40:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2010.08.17 10:57:58 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\mlens\Desktop\HiJackThis204.exe [2010.08.16 13:27:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Malwarebytes [2010.08.16 13:26:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.08.16 13:26:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.08.16 13:26:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.16 13:26:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.08.16 13:26:15 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\mlens\Desktop\mbam-setup-1.46.exe [2010.08.13 11:53:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\Ulead VideoStudio [2010.08.03 17:01:39 | 000,000,000 | ---D | C] -- C:\Programme\DSPXMedia [2010.08.03 17:01:38 | 000,000,000 | ---D | C] -- C:\Programme\Macaw [2010.08.03 10:21:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Sun [2010.08.02 15:47:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\Ahead [2010.08.02 15:25:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IoSubSys [2010.08.02 15:17:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\InterVideo [2010.08.02 15:17:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\InterVideo [2010.08.02 14:50:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\WINDOWS [2010.08.02 10:01:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Desktop\Köb [2010.07.23 17:22:35 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll [2010.07.23 17:22:35 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chsbrkr.dll [2010.07.23 17:22:35 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll [2010.07.23 17:22:35 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chtbrkr.dll [2010.07.23 17:22:34 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.lex [2010.07.23 17:22:34 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex [2010.07.23 17:22:34 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\korwbrkr.dll [2010.07.23 17:22:34 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll [2010.07.23 17:22:33 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.dll [2010.07.23 17:22:33 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll [2010.07.23 17:22:30 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll [2010.07.23 17:22:26 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll [2010.07.23 17:22:26 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101a.dll [2010.07.23 17:22:26 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll [2010.07.23 17:22:25 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll [2010.07.23 17:22:25 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe [2010.07.23 17:22:25 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe [2010.07.23 17:22:25 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll [2010.07.23 17:22:22 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll [2010.07.23 17:22:21 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll [2010.07.23 17:22:21 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe [2010.07.23 17:22:21 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll [2010.07.23 17:22:21 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll [2010.07.23 17:22:21 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll [2010.07.23 17:22:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecAT.dll [2010.07.23 17:22:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll [2010.07.23 17:22:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecNT.dll [2010.07.23 17:22:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll [2010.07.23 17:22:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec95.dll [2010.07.23 17:22:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll [2010.07.23 17:22:15 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe [2010.07.23 17:22:15 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe [2010.07.23 17:22:12 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll [2010.07.23 17:22:12 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_is2022.dll [2010.07.23 17:22:03 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll [2010.07.23 17:22:03 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll [2010.07.23 17:22:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll [2010.07.23 17:22:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll [2010.07.23 17:22:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll [2010.07.23 17:22:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll [2010.07.23 17:22:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll [2010.07.23 17:22:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll [2010.07.23 17:21:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll [2010.07.23 17:21:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll [2010.07.23 17:21:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll [2010.07.23 17:21:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll [2010.07.23 17:06:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\vlc [2010.07.23 17:05:09 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN [2010.07.23 13:27:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Sonic [2010.07.23 13:27:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Leadertech [2010.07.21 12:18:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\iZotope [2010.07.21 12:14:12 | 000,000,000 | ---D | C] -- C:\Programme\iZotope ========== Files - Modified Within 30 Days ========== [2010.08.18 09:49:07 | 000,000,680 | ---- | M] () -- C:\WINDOWS\tobit.ini [2010.08.18 09:48:06 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.08.18 09:47:37 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010.08.18 09:47:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.18 09:47:31 | 000,062,375 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml [2010.08.18 09:47:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.18 09:47:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.18 09:47:15 | 2145,021,952 | -HS- | M] () -- C:\hiberfil.sys [2010.08.17 18:03:54 | 004,456,448 | -H-- | M] () -- C:\Dokumente und Einstellungen\mlens\NTUSER.DAT [2010.08.17 16:21:25 | 000,038,743 | ---- | M] () -- C:\WINDOWS\LpAVTC.XML [2010.08.17 16:21:25 | 000,000,387 | ---- | M] () -- C:\WINDOWS\LeAVTC.XML [2010.08.17 16:21:25 | 000,000,022 | ---- | M] () -- C:\WINDOWS\LoadConfig.ini [2010.08.17 16:06:39 | 000,001,566 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.08.17 15:27:03 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for [2010.08.17 14:30:03 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\mlens\Desktop\o5cqj91p.exe [2010.08.17 13:45:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\mlens\Desktop\OTL.exe [2010.08.17 11:05:55 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\mlens\Desktop\HiJackThis204.exe [2010.08.16 13:26:21 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\mlens\Desktop\mbam-setup-1.46.exe [2010.08.13 13:09:00 | 000,009,216 | ---- | M] () -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.02 15:45:45 | 000,001,749 | ---- | M] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\woanders ist auch weihnachten.cue [2010.08.02 15:30:17 | 000,001,772 | ---- | M] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\Unbekannter Titel.cue [2010.07.26 12:05:59 | 000,017,408 | ---- | M] () -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2010.07.26 09:28:37 | 000,253,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.07.23 18:12:56 | 000,002,615 | ---- | M] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\MeinProjekt.sonic [2010.07.23 17:05:42 | 000,000,691 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk ========== Files Created - No Company Name ========== [2010.08.17 16:21:01 | 000,000,021 | ---- | C] () -- C:\WINDOWS\System32\pavversion.ini [2010.08.17 15:27:03 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn [2010.08.17 15:27:03 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for [2010.08.17 14:30:03 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Desktop\o5cqj91p.exe [2010.08.16 14:14:19 | 000,015,735 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\hs_err_pid2448.log [2010.08.03 17:01:39 | 000,007,168 | ---- | C] () -- C:\WINDOWS\libDSPXUtils.dll [2010.08.02 15:45:45 | 000,001,749 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\woanders ist auch weihnachten.cue [2010.08.02 15:30:17 | 000,001,772 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\Unbekannter Titel.cue [2010.07.23 18:12:56 | 000,002,615 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\MeinProjekt.sonic [2010.07.23 17:22:34 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex [2010.07.23 17:22:34 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex [2010.07.23 17:22:34 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn [2010.07.23 17:22:34 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor [2010.07.23 17:22:29 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl [2010.07.23 17:22:29 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab [2010.07.23 17:22:29 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl [2010.07.23 17:22:29 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl [2010.07.23 17:22:29 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab [2010.07.23 17:22:29 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl [2010.07.23 17:22:28 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls [2010.07.23 17:22:28 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls [2010.07.23 17:22:28 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl [2010.07.23 17:22:28 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls [2010.07.23 17:22:28 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls [2010.07.23 17:22:28 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls [2010.07.23 17:22:28 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls [2010.07.23 17:22:28 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl [2010.07.23 17:22:28 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl [2010.07.23 17:22:28 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl [2010.07.23 17:22:28 | 000,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP [2010.07.23 17:22:28 | 000,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP [2010.07.23 17:22:28 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl [2010.07.23 17:22:28 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl [2010.07.23 17:22:28 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl [2010.07.23 17:22:28 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl [2010.07.23 17:22:28 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl [2010.07.23 17:22:26 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB [2010.07.23 17:22:26 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB [2010.07.23 17:22:26 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB [2010.07.23 17:22:26 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls [2010.07.23 17:22:26 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls [2010.07.23 17:22:26 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls [2010.07.23 17:22:26 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls [2010.07.23 17:22:26 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls [2010.07.23 17:22:26 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls [2010.07.23 17:22:25 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex [2010.07.23 17:22:25 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex [2010.07.23 17:22:22 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls [2010.07.23 17:22:22 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls [2010.07.23 17:22:22 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls [2010.07.23 17:22:22 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls [2010.07.23 17:22:22 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls [2010.07.23 17:22:22 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls [2010.07.23 17:22:12 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls [2010.07.23 17:22:12 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls [2010.07.23 17:22:12 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls [2010.07.23 17:22:12 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls [2010.07.23 17:22:12 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls [2010.07.23 17:22:12 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls [2010.07.23 17:22:12 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls [2010.07.23 17:22:12 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls [2010.07.23 17:22:12 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls [2010.07.23 17:22:12 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls [2010.07.23 17:22:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls [2010.07.23 17:22:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls [2010.07.23 17:22:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls [2010.07.23 17:22:12 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls [2010.07.23 17:22:12 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls [2010.07.23 17:22:12 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls [2010.07.23 17:05:42 | 000,000,691 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk [2010.07.23 16:59:22 | 000,009,216 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.16 12:39:20 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2010.05.31 14:35:22 | 000,000,076 | ---- | C] () -- C:\WINDOWS\dvwin32.INI [2010.05.17 10:18:14 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2010.05.07 12:13:20 | 000,114,688 | ---- | C] () -- C:\WINDOWS\DVGRF.DLL [2010.05.07 12:13:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\IMGMSGMO.dll [2010.05.07 12:12:46 | 000,000,023 | ---- | C] () -- C:\WINDOWS\AVFD.INI [2010.05.07 12:12:43 | 006,502,912 | ---- | C] () -- C:\WINDOWS\TOBITCLT.DLL [2010.05.07 12:12:26 | 000,000,680 | ---- | C] () -- C:\WINDOWS\tobit.ini [2009.05.07 13:13:02 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2009.05.04 14:25:33 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008.11.19 16:24:54 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI [2008.11.19 15:49:18 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2008.11.19 15:48:02 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE V500DEFGIPSRUk.ini [2008.10.08 10:37:16 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.05.27 11:03:51 | 000,000,161 | ---- | C] () -- C:\WINDOWS\DISPARAM.INI [2008.05.23 12:35:36 | 000,000,307 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2007.10.25 16:18:47 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5o.DLL [2007.10.25 15:46:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2007.08.01 11:06:05 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2007.08.01 11:06:05 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2007.08.01 11:06:05 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2007.08.01 11:06:05 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2007.08.01 11:06:04 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2007.08.01 11:06:04 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2007.04.27 11:26:16 | 000,000,022 | ---- | C] () -- C:\WINDOWS\LoadConfig.ini [2007.04.27 11:23:44 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\libxml2.dll [2007.04.05 23:27:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2007.04.05 23:25:44 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini [2007.04.05 23:07:05 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2007.04.05 23:06:01 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005.11.10 02:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004.08.13 14:04:30 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004.08.13 13:51:43 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2000.08.29 14:40:10 | 000,006,137 | ---- | C] () -- C:\WINDOWS\System32\E1.ini ========== LOP Check ========== [2007.11.30 15:47:23 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2010.02.16 18:01:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEGV [2009.12.24 15:30:49 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan [2007.08.01 11:06:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InterVideo [2008.02.21 10:34:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sentinel [2007.08.01 11:06:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc [2007.08.01 11:18:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2010.08.17 15:27:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Aseq [2010.07.06 10:16:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Canon [2010.05.17 10:18:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\EPSON [2010.08.02 15:17:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\InterVideo [2010.07.23 12:13:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\iZotope [2010.07.23 13:27:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Leadertech [2010.05.17 10:19:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\PFU [2010.05.17 10:19:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Tobit [2010.08.13 13:42:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Ulead Systems ========== Purity Check ========== < End of report > |
|
19.08.2010, 19:58
| #9 |
| /// Malwareteam | Sinowal Trojaner? Browser sehr langsam Immernoch das falsche Log Es erscheinen doch beim Scan zwei Logs? Beid posten. |
|
26.08.2010, 09:48
| #10 |
| | Sinowal Trojaner? Browser sehr langsam kann doch nich sein das ich so blöd bin...ich bin mir ganz sicher das das das extra log war. ok hier jetzt beide: OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.08.2010 10:48:29 - Run 4 OTL by OldTimer - Version 3.2.10.0 Folder = C:\Dokumente und Einstellungen\mlens\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 232,72 Gb Total Space | 133,19 Gb Free Space | 57,23% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive K: | 1032,54 Gb Total Space | 842,18 Gb Free Space | 81,56% Space Free | Partition Type: NTFS Drive N: | 39,07 Gb Total Space | 2,87 Gb Free Space | 7,35% Space Free | Partition Type: NTFS Drive P: | 1032,54 Gb Total Space | 842,18 Gb Free Space | 81,56% Space Free | Partition Type: NTFS Drive R: | 930,24 Gb Total Space | 644,23 Gb Free Space | 69,25% Space Free | Partition Type: NTFS Drive S: | 1032,54 Gb Total Space | 842,18 Gb Free Space | 81,56% Space Free | Partition Type: NTFS Computer Name: WS17 Current User Name: Mlens Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010.08.19 10:16:41 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\plugin-container.exe PRC - [2010.08.19 10:16:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010.08.17 13:45:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\mlens\Desktop\OTL.exe PRC - [2010.04.29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2009.10.10 14:32:18 | 000,305,664 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2009.10.10 14:32:18 | 000,203,264 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2009.09.28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.02.22 04:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.6.0_05\bin\jusched.exe PRC - [2007.10.31 15:09:16 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2007.10.19 11:17:38 | 000,058,672 | ---- | M] (Panda Software) -- C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagentwd.exe PRC - [2007.10.19 11:17:35 | 000,431,408 | ---- | M] (Panda Software) -- C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe PRC - [2007.10.19 11:16:25 | 000,193,840 | ---- | M] (Panda Software) -- C:\Programme\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe PRC - [2007.10.16 11:40:26 | 000,041,776 | ---- | M] (Panda Security) -- C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\PavPrSrv.exe PRC - [2007.09.10 21:30:02 | 002,510,848 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.3\program\soffice.bin PRC - [2007.09.10 21:30:00 | 002,359,296 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.3\program\soffice.exe PRC - [2007.07.04 09:48:46 | 000,226,608 | ---- | M] (Panda Software International) -- C:\Programme\Panda Software\AVTC\PSCtrlC.exe PRC - [2007.05.24 10:31:25 | 000,108,592 | ---- | M] (Panda Software International) -- C:\Programme\Panda Software\AVTC\PSIMSVC.EXE PRC - [2007.04.04 03:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE PRC - [2007.03.30 22:14:06 | 001,769,472 | ---- | M] (PFU LIMITED) -- C:\Programme\ScanSnap\Driver\PfuSsMon.exe PRC - [2007.03.06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe PRC - [2007.03.03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2007.01.15 14:42:14 | 000,067,120 | ---- | M] (Panda Software International) -- C:\Programme\Panda Software\AVTC\pskmssvc.exe PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe PRC - [2006.10.12 16:57:08 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\epson\Creativity Suite\Event Manager\EEventManager.exe PRC - [2006.10.09 13:43:18 | 000,036,864 | ---- | M] (PFU Limited.) -- C:\Programme\ScanSnap\CardMinder V3.1\CardLauncher.exe PRC - [2006.04.26 08:39:18 | 000,143,360 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2006.04.26 08:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2006.03.20 17:34:50 | 000,213,936 | ---- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe PRC - [2006.03.17 18:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\ASFIPMon\AsfIpMon.exe PRC - [2005.09.08 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE PRC - [2004.08.26 22:43:06 | 000,056,320 | ---- | M] (Doug Fetter Software Wizardry) -- C:\WINDOWS\system32\delttray.exe PRC - [2003.04.04 09:42:28 | 000,606,208 | ---- | M] (Pmx. Electronics Ltd.) -- C:\WINDOWS\twain_32\FlatBed\HotKey.Exe ========== Modules (SafeList) ========== MOD - [2010.08.17 13:45:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\mlens\Desktop\OTL.exe MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - [2009.09.28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2007.10.31 15:09:16 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2007.10.19 11:18:30 | 000,759,088 | ---- | M] (Panda Software) [On_Demand | Stopped] -- C:\Programme\Panda Software\Panda Administrator 3\PavReport\PavReport.exe -- (PavReport) SRV - [2007.10.19 11:17:35 | 000,431,408 | ---- | M] (Panda Software) [Auto | Running] -- C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe -- (PAVAGENTE) SRV - [2007.10.19 11:16:25 | 000,193,840 | ---- | M] (Panda Software) [Auto | Running] -- C:\Programme\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe -- (PavAtScheduler) SRV - [2007.10.16 11:40:26 | 000,041,776 | ---- | M] (Panda Security) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe -- (PavPrSrv) SRV - [2007.08.22 14:50:20 | 000,378,672 | ---- | M] (Panda Software International) [Auto | Stopped] -- C:\Programme\PANDA SOFTWARE\AVTC\PsCtrlS.exe -- (Panda Software Controller) SRV - [2007.07.16 15:14:20 | 000,148,272 | ---- | M] (Panda Software International) [Auto | Stopped] -- C:\Programme\Panda Software\AVTC\pavsrv51.exe -- (PavSrv) SRV - [2007.05.24 10:31:25 | 000,108,592 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Programme\Panda Software\AVTC\PSIMSVC.EXE -- (PsImSvc) SRV - [2007.03.06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service) SRV - [2007.03.03 13:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2007.01.15 14:42:14 | 000,067,120 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Programme\Panda Software\AVTC\pskmssvc.exe -- (PMShellSrv) SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006.04.26 08:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMon) Intel(R) SRV - [2006.03.17 18:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon) SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2008.04.13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008.04.13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008.04.13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007.10.17 14:03:53 | 000,039,096 | ---- | M] (Panda Security) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ShlDrv51.sys -- (ShldDrv) DRV - [2007.10.15 13:16:00 | 000,179,384 | ---- | M] (Panda Security) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc) DRV - [2007.06.06 11:43:31 | 000,083,640 | ---- | M] (Panda Software International) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pavdrv51.sys -- (pavdrv) DRV - [2006.11.23 17:20:06 | 000,018,432 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB) DRV - [2006.10.10 14:03:48 | 000,246,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor) DRV - [2006.05.01 08:09:32 | 000,152,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2006.03.20 16:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2006.03.12 11:04:00 | 003,520,160 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2005.09.12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB) DRV - [2005.09.08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2005.09.08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2005.09.08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2005.09.08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2005.09.08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2005.09.08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2005.09.08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN) DRV - [2005.08.25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2005.08.25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N) DRV - [2005.08.12 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM) DRV - [2004.09.10 11:28:46 | 000,291,456 | ---- | M] (Midiman/M-Audio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\delta.sys -- (DELTA) Service for Delta Driver (WDM) DRV - [2003.04.24 16:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Programme\Broadcom\ASFIPMon\BASFND.sys -- (BASFND) DRV - [2002.07.17 08:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32) DRV - [2001.08.18 05:22:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) DRV - [2001.08.17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001.08.17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001.08.17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001.08.17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001.08.17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001.08.17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001.08.17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001.08.17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001.08.17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001.08.17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001.08.17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001.08.17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001.08.17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001.08.17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2000.01.08 09:22:36 | 000,010,240 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=6070405 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=6070405 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=6070405 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de/hws/sb/dell-row-rel/de/side.html?channel=de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.de/ig/dell?hl=de&client=dell-row-rel&channel=de&ibd=6070405 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.26 10:30:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.19 10:16:50 | 000,000,000 | ---D | M] [2010.05.17 11:23:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Mozilla\Extensions [2010.05.17 11:23:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Mozilla\Firefox\Profiles\vhg7s429.default\extensions [2010.08.24 10:29:42 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.08.19 10:16:45 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.08.19 10:16:45 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.08.19 10:16:45 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.08.19 10:16:45 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.08.19 10:16:45 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 15:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [DeltTray] C:\WINDOWS\System32\delttray.exe (Doug Fetter Software Wizardry) O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [EEventManager] C:\Programme\epson\Creativity Suite\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [HotKey] C:\WINDOWS\twain_32\FlatBed\HotKey.Exe (Pmx. Electronics Ltd.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [Panda Controller Client] C:\Programme\PANDA SOFTWARE\AVTC\PSCtrlC.exe (Panda Software International) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UVS11 Preload] C:\Programme\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation) O4 - HKCU..\Run: [{CE373484-3393-B24C-4116-54883ED3D8B1}] C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Loamxu\heho.exe File not found O4 - HKCU..\Run: [extensions.exe] C:\extensions.exe\extensions.exe (egipqbitlnbayticivn) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\CardMinder Viewer.lnk = C:\Programme\ScanSnap\CardMinder V3.1\CardLauncher.exe (PFU Limited.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\In PDF-Datei mit ScanSnap Organizer konvertieren.lnk = C:\Programme\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ScanSnap Manager.lnk = C:\Programme\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED) O4 - Startup: C:\Dokumente und Einstellungen\mlens\Startmenü\Programme\Autostart\OpenOffice.org 2.3.lnk = C:\Programme\OpenOffice.org 2.3\program\quickstart.exe () O4 - Startup: C:\Dokumente und Einstellungen\mlens\Startmenü\Programme\Autostart\syscron.exe (yrxbq) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = local.roofmusic.de O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.08.13 13:54:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{ba582c00-79fc-11df-8104-001aa008a721}\Shell\AutoRun\command - "" = J:\Toshiba\more4you.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.26 10:24:02 | 000,080,384 | R-S- | C] (yrxbq) -- C:\Dokumente und Einstellungen\mlens\Startmenü\Programme\Autostart\syscron.exe [2010.08.20 13:55:23 | 000,000,000 | ---D | C] -- C:\temp [2010.08.20 13:53:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Syncrosoft [2010.08.20 13:50:04 | 000,018,432 | ---- | C] (SIA Syncrosoft) -- C:\WINDOWS\System32\drivers\synasUSB.sys [2010.08.20 13:50:02 | 000,045,056 | ---- | C] (SIA Syncrosoft) -- C:\WINDOWS\System32\Synsopos.exe [2010.08.20 13:49:58 | 000,765,952 | ---- | C] (SIA Syncrosoft) -- C:\WINDOWS\System32\SYNSOACC.dll [2010.08.20 13:49:58 | 000,147,456 | ---- | C] (SIA Syncrosoft) -- C:\WINDOWS\System32\SynsoLChk.dll [2010.08.20 13:49:58 | 000,000,000 | ---D | C] -- C:\Programme\Syncrosoft [2010.08.19 10:18:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\Downloads [2010.08.18 10:02:22 | 000,084,480 | ---- | C] (kxgqp) -- C:\WINDOWS\System32\0.13604457334250075.exe [2010.08.18 10:01:47 | 000,083,968 | R-S- | C] (jgwi) -- C:\syscron.exe [2010.08.17 16:37:59 | 000,000,000 | ---D | C] -- C:\_OTL [2010.08.17 16:21:01 | 000,292,400 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\PavSHook.dll [2010.08.17 16:21:01 | 000,161,328 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\TpUtil.dll [2010.08.17 16:21:01 | 000,107,568 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\SYSTOOLS.dll [2010.08.17 16:21:01 | 000,063,024 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\pavipc.dll [2010.08.17 16:21:01 | 000,054,712 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\drivers\npaflt.sys [2010.08.17 16:21:01 | 000,050,736 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\avldr.dll [2010.08.17 16:20:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Cisco Systems [2010.08.17 15:23:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Sun [2010.08.17 14:13:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\Cyberlink [2010.08.17 14:13:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\CyberLink [2010.08.17 14:13:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\PowerDVD [2010.08.17 13:45:28 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\mlens\Desktop\OTL.exe [2010.08.17 13:40:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2010.08.17 10:57:58 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\mlens\Desktop\HiJackThis204.exe [2010.08.16 13:27:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Malwarebytes [2010.08.16 13:26:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.08.16 13:26:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.08.16 13:26:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.16 13:26:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.08.16 13:26:15 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\mlens\Desktop\mbam-setup-1.46.exe [2010.08.13 11:53:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\Ulead VideoStudio [2010.08.03 17:01:39 | 000,000,000 | ---D | C] -- C:\Programme\DSPXMedia [2010.08.03 17:01:38 | 000,000,000 | ---D | C] -- C:\Programme\Macaw [2010.08.03 10:21:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Sun [2010.08.02 15:47:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\Ahead [2010.08.02 15:25:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IoSubSys [2010.08.02 15:17:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\InterVideo [2010.08.02 15:17:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\InterVideo [2010.08.02 14:50:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\WINDOWS [2010.08.02 10:01:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mlens\Desktop\Köb ========== Files - Modified Within 30 Days ========== [2010.08.26 10:53:06 | 000,000,680 | ---- | M] () -- C:\WINDOWS\tobit.ini [2010.08.26 10:37:04 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010.08.26 10:36:58 | 000,062,375 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml [2010.08.26 10:36:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.26 10:36:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.26 10:36:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.26 10:36:41 | 2145,021,952 | -HS- | M] () -- C:\hiberfil.sys [2010.08.26 10:35:55 | 004,980,736 | -H-- | M] () -- C:\Dokumente und Einstellungen\mlens\NTUSER.DAT [2010.08.26 10:35:52 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\mlens\ntuser.ini [2010.08.26 10:24:29 | 000,080,384 | R-S- | M] (yrxbq) -- C:\Dokumente und Einstellungen\mlens\Startmenü\Programme\Autostart\syscron.exe [2010.08.26 10:06:03 | 002,145,976 | -H-- | M] () -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.08.23 13:35:24 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.08.20 13:53:34 | 000,000,704 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WaveLab 6.lnk [2010.08.19 11:03:11 | 000,012,288 | ---- | M] () -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.18 10:02:26 | 000,084,480 | ---- | M] (kxgqp) -- C:\WINDOWS\System32\0.13604457334250075.exe [2010.08.18 10:01:59 | 000,083,968 | R-S- | M] (jgwi) -- C:\syscron.exe [2010.08.17 16:21:25 | 000,038,743 | ---- | M] () -- C:\WINDOWS\LpAVTC.XML [2010.08.17 16:21:25 | 000,000,387 | ---- | M] () -- C:\WINDOWS\LeAVTC.XML [2010.08.17 16:21:25 | 000,000,022 | ---- | M] () -- C:\WINDOWS\LoadConfig.ini [2010.08.17 16:06:39 | 000,001,566 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.08.17 15:27:03 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for [2010.08.17 14:30:03 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\mlens\Desktop\o5cqj91p.exe [2010.08.17 13:45:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\mlens\Desktop\OTL.exe [2010.08.17 11:05:55 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\mlens\Desktop\HiJackThis204.exe [2010.08.16 13:26:21 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\mlens\Desktop\mbam-setup-1.46.exe [2010.08.02 15:45:45 | 000,001,749 | ---- | M] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\woanders ist auch weihnachten.cue [2010.08.02 15:30:17 | 000,001,772 | ---- | M] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\Unbekannter Titel.cue ========== Files Created - No Company Name ========== [2010.08.20 13:53:34 | 000,000,704 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WaveLab 6.lnk [2010.08.20 13:50:07 | 000,147,425 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Aide.chm [2010.08.20 13:50:07 | 000,120,468 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Hilfe.chm [2010.08.20 13:50:07 | 000,114,279 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Help.chm [2010.08.17 16:21:01 | 000,000,021 | ---- | C] () -- C:\WINDOWS\System32\pavversion.ini [2010.08.17 15:27:03 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn [2010.08.17 15:27:03 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for [2010.08.17 14:30:03 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Desktop\o5cqj91p.exe [2010.08.16 14:14:19 | 000,015,735 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\hs_err_pid2448.log [2010.08.03 17:01:39 | 000,007,168 | ---- | C] () -- C:\WINDOWS\libDSPXUtils.dll [2010.08.02 15:45:45 | 000,001,749 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\woanders ist auch weihnachten.cue [2010.08.02 15:30:17 | 000,001,772 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Eigene Dateien\Unbekannter Titel.cue [2010.07.23 16:59:22 | 000,012,288 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.16 12:39:20 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2010.05.31 14:35:22 | 000,000,076 | ---- | C] () -- C:\WINDOWS\dvwin32.INI [2010.05.17 10:18:14 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2010.05.07 12:13:20 | 000,114,688 | ---- | C] () -- C:\WINDOWS\DVGRF.DLL [2010.05.07 12:13:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\IMGMSGMO.dll [2010.05.07 12:12:46 | 000,000,023 | ---- | C] () -- C:\WINDOWS\AVFD.INI [2010.05.07 12:12:43 | 006,502,912 | ---- | C] () -- C:\WINDOWS\TOBITCLT.DLL [2010.05.07 12:12:26 | 000,000,680 | ---- | C] () -- C:\WINDOWS\tobit.ini [2009.05.07 13:13:02 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2009.05.04 14:25:33 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008.11.19 16:24:54 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI [2008.11.19 15:49:18 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2008.11.19 15:48:02 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE V500DEFGIPSRUk.ini [2008.10.08 10:37:16 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.05.27 11:03:51 | 000,000,161 | ---- | C] () -- C:\WINDOWS\DISPARAM.INI [2008.05.23 12:35:36 | 000,000,307 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2007.10.25 16:18:47 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5o.DLL [2007.10.25 15:46:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2007.08.01 11:06:05 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2007.08.01 11:06:05 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2007.08.01 11:06:05 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2007.08.01 11:06:05 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2007.08.01 11:06:04 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2007.08.01 11:06:04 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2007.04.27 11:26:16 | 000,000,022 | ---- | C] () -- C:\WINDOWS\LoadConfig.ini [2007.04.27 11:23:44 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\libxml2.dll [2007.04.05 23:27:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2007.04.05 23:25:44 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini [2007.04.05 23:07:05 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2007.04.05 23:06:01 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005.11.10 02:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2004.08.13 14:04:30 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004.08.13 13:51:43 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004.08.13 13:40:42 | 000,011,284 | R-S- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\usernt.dat [2004.08.13 13:40:42 | 000,000,295 | R-S- | C] () -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\usernt.dat [2000.08.29 14:40:10 | 000,006,137 | ---- | C] () -- C:\WINDOWS\System32\E1.ini < End of report > und OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 26.08.2010 10:48:29 - Run 4
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Dokumente und Einstellungen\mlens\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,72 Gb Total Space | 133,19 Gb Free Space | 57,23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 1032,54 Gb Total Space | 842,18 Gb Free Space | 81,56% Space Free | Partition Type: NTFS
Drive N: | 39,07 Gb Total Space | 2,87 Gb Free Space | 7,35% Space Free | Partition Type: NTFS
Drive P: | 1032,54 Gb Total Space | 842,18 Gb Free Space | 81,56% Space Free | Partition Type: NTFS
Drive R: | 930,24 Gb Total Space | 644,23 Gb Free Space | 69,25% Space Free | Partition Type: NTFS
Drive S: | 1032,54 Gb Total Space | 842,18 Gb Free Space | 81,56% Space Free | Partition Type: NTFS
Computer Name: WS17
Current User Name: Mlens
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe" = C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe -- (Panda Software)
"C:\Programme\Panda Software\AVTC\PSHost.exe" = C:\Programme\PANDA SOFTWARE\AVTC\PSHost.exe -- (Panda Software International)
"C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe" = C:\Programme\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe -- (Panda Software)
"C:\Programme\InterVideo\DVD8\WinDVD.exe" = C:\Programme\InterVideo\DVD8\WinDVD.exe:*:Disabled:WinDVD -- (InterVideo Inc.)
"C:\Programme\Panda Software\AVTC\PSHost.exe" = C:\Programme\PANDA SOFTWARE\AVTC\PSHost.exe -- (Panda Software International)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ9601" = CanoScan LiDE 700F Scanner Driver
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Fotostory 3 für Windows
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{58EDAD68-7839-42D8-A6AD-854A9ECB8224}" = FileMaker Pro 6
"{59B13FD3-AD00-4E2C-AE30-0556451EC0DE}" = ScanSnap Organizer
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{71EC91AF-279E-440A-BB0C-AD2C6598F601}" = CardMinder V3.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91CA0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
"{A4810699-E859-43A6-8F40-1743873E72AB}" = Delta
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A625D45F-1DC4-47FB-ABCF-6B27684AA717}" = OpenOffice.org 2.3
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}" = CardMinder V3.1
"{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}" = iTunes
"{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{ED8EF3C2-FA5B-4A1E-950D-5A0227161F97}" = ArcSoft PhotoStudio 6
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FB250000-0001-0000-0000-074957833700}" = ABBYY FineReader for ScanSnap (TM) 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe SVG Viewer" = Adobe SVG Viewer
"ASAPI Update" = ASAPI Update
"Audacity 1.3 Beta_is1" = Audacity 1.3.0
"AVS DVDMenu Editor_is1" = AVS DVDMenu Editor 1.2.1.20
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"AVS4YOU Video ReMaker_is1" = AVS Video ReMaker 2.4
"AVTC" = Panda Security for Desktops
"Canon iP4500 series Benutzerregistrierung" = Canon iP4500 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"David Client" = David Client
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"eBay Icon" = eBay Icon
"EPSON PERFECTION V500 PHOTO Benutzerhandbuch" = EPSON PERFECTION V500 PHOTO Handbuch
"EPSON Scanner" = EPSON Scan
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"FileZilla Client" = FileZilla Client 3.2.0
"Free Create-Burn ISO Image_is1" = Free Create-Burn ISO Image v2.0
"Free FLV Converter_is1" = Free FLV Converter V 6.5
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube Download_is1" = Free YouTube Download 2.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"IrfanView" = IrfanView (remove only)
"iZotope RX_is1" = iZotope RX
"Macaw_is1" = Macaw 301
"Macromedia Dreamweaver 2" = Macromedia Dreamweaver 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer
"SearchAssist" = SearchAssist
"SopCast" = SopCast 3.2.9
"Syncrosoft License Control" = Syncrosoft Lizenz Kontrolle
"Uninstall_is1" = Uninstall 1.0.0.1
"USB Scanner" = USB Scanner
"VLC media player" = VLC media player 1.1.1
"WaveLab Essential" = WaveLab Essential
"WaveLabPro" = WaveLab 6
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2003Setup" = Microsoft Works 2003-Setup-Start
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zattoo4" = Zattoo4 4.0.5
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 26.08.2010 04:03:28 | Computer Name = WS17 | Source = Userenv | ID = 1030
Description = Die Abfrage der Liste der Gruppenrichtlinienobjekte ist fehlgeschlagen.
Bisher wurde eine Fehlermeldung dieser Art im Richtlinienmodul protokolliert.
Error - 26.08.2010 04:03:28 | Computer Name = WS17 | Source = Userenv | ID = 1110
Description = Der Versuch, zu ermitteln, ob sich der angegebene Benutzer und Computer
in derselben Gesamtstruktur befinden, ist fehlgeschlagen (Die Schnittstelle ist
unbekannt. ).
Error - 26.08.2010 04:06:07 | Computer Name = WS17 | Source = Userenv | ID = 1097
Description = Das Computerkonto wurde nicht gefunden, Für die Authentifizierung
war keine Autorität erreichbar. .
Error - 26.08.2010 04:06:07 | Computer Name = WS17 | Source = Userenv | ID = 1030
Description = Die Abfrage der Liste der Gruppenrichtlinienobjekte ist fehlgeschlagen.
Bisher wurde eine Fehlermeldung dieser Art im Richtlinienmodul protokolliert.
Error - 26.08.2010 04:06:07 | Computer Name = WS17 | Source = Userenv | ID = 1110
Description = Der Versuch, zu ermitteln, ob sich der angegebene Benutzer und Computer
in derselben Gesamtstruktur befinden, ist fehlgeschlagen (Die Schnittstelle ist
unbekannt. ).
Error - 26.08.2010 04:24:30 | Computer Name = WS17 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung svchost.exe, Version 5.1.2600.5512, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0ea12626.
Error - 26.08.2010 04:27:34 | Computer Name = WS17 | Source = Userenv | ID = 1053
Description = Der Benutzer oder der Computername kann nicht ermittelt werden. (Die
angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung hergestellt
werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen.
Error - 26.08.2010 04:27:34 | Computer Name = WS17 | Source = Userenv | ID = 1054
Description = Der Domänencontrollername für das Computernetzwerk konnte nicht ermittelt
werden. (Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung
hergestellt werden. ). Die Verarbeitung der Gruppenrichtlinie wurde abgebrochen.
Error - 26.08.2010 04:27:38 | Computer Name = WS17 | Source = AutoEnrollment | ID = 15
Description = Die automatische Zertifikatregistrierung für "lokaler Computer" konnte
keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne
ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. Die Registrierung
wird nicht durchgeführt.
Error - 26.08.2010 04:28:05 | Computer Name = WS17 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung svchost.exe, Version 5.1.2600.5512, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x0eac2626.
[ System Events ]
Error - 26.08.2010 04:35:53 | Computer Name = WS17 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Anmeldedienst" ist vom Dienst "Arbeitsstationsdienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1053
Error - 26.08.2010 04:35:53 | Computer Name = WS17 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1053
Error - 26.08.2010 04:35:53 | Computer Name = WS17 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Panda Software Controller" ist vom Dienst "Kryptografiedienste"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1053
Error - 26.08.2010 04:35:53 | Computer Name = WS17 | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows-Bilderfassung (WIA)" wurde nicht ordnungsgemäß
gestartet.
Error - 26.08.2010 04:38:22 | Computer Name = WS17 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Kryptografiedienste.
Error - 26.08.2010 04:38:22 | Computer Name = WS17 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Kryptografiedienste" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 26.08.2010 04:38:22 | Computer Name = WS17 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Panda Antivirus Service" ist vom Dienst "Kryptografiedienste"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1053
Error - 26.08.2010 04:38:22 | Computer Name = WS17 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Designs.
Error - 26.08.2010 04:38:22 | Computer Name = WS17 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Designs" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 26.08.2010 04:38:22 | Computer Name = WS17 | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Panda Software Controller" ist vom Dienst "Kryptografiedienste"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1053
< End of report >
ok, anscheinend war ich doch so blöd...da steht ja oben sogar extra.log ...seltsam seltsam .) |
|
26.08.2010, 18:27
| #11 | ||
| /// Malwareteam | Sinowal Trojaner? Browser sehr langsam Schritt 1 Hast Du Dir inzwischen bereits wieder Sachen an Board geholt: Zitat:
Sicherheitsrisiko Adobe Arcrobat Reader Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Die Empfehlung lautet, die alte Version über Systemsteuerung => Software zu deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. Starte den Rechner neu und downloade den aktuellen Acrobat-Reader 9.3.x herunter und installiere ihn, achte bei der Installation darauf, Zusatzprogramme und/oder Toolbars abzuwählen. Da der Adobe Acrobat Reader immer häufiger für gezielte Verbreitung von Malware genutzt wird, kannst Du stattdessen auch einen alternativen PDF-Anzeiger zu nutzen, beispielsweise den Foxit PDF Reader. Er ist "schlanker" und benutzt weniger Resourcen. Achte auch hier darauf, bei der Installation Zusatzprogramme und/oder Toolbars abzuwählen. Schritt 3 Java aktualisieren Deine Javaversion ist nicht aktuell. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, deinstalliere zunächst alle vorhandenen Java-Versionen über Systemsteuerung => Software => deinstallieren. Starte den Rechner neu. Downloade nun die Offline-Version von Java Version 6 Update 21 von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen. Schritt 4 Fixen mit OTL
Code:
ATTFilter :OTL
O4 - HKCU..\Run: [{CE373484-3393-B24C-4116-54883ED3D8B1}] C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\Loamxu\heho.exe File not found
O4 - HKCU..\Run: [extensions.exe] C:\extensions.exe\extensions.exe (egipqbitlnbayticivn)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
[2010.08.26 10:24:02 | 000,080,384 | R-S- | C] (yrxbq) -- C:\Dokumente und Einstellungen\mlens\Startmenü\Programme\Autostart\syscron.exe
[2010.08.18 10:02:22 | 000,084,480 | ---- | C] (kxgqp) -- C:\WINDOWS\System32\0.13604457334250075.exe
[2010.08.18 10:01:47 | 000,083,968 | R-S- | C] (jgwi) -- C:\syscron.exe
[2004.08.13 13:40:42 | 000,011,284 | R-S- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\usernt.dat
[2004.08.13 13:40:42 | 000,000,295 | R-S- | C] () -- C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\usernt.dat
[2010.08.26 10:06:03 | 002,145,976 | -H-- | M] () -- C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\IconCache.db
:Commands
[purity]
[emptytemp]
Schritt 5 Downloade Dir bitte RKUnhookerLE und speichere die Datei auf deinem Desktop.
Zitat:
|
|
27.08.2010, 09:43
| #12 |
| | Sinowal Trojaner? Browser sehr langsam du bist der beste...werd ich jetzt alles exakt so machen! |
|
27.08.2010, 11:07
| #13 |
| | Sinowal Trojaner? Browser sehr langsamCode:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{CE373484-3393-B24C-4116-54883ED3D8B1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE373484-3393-B24C-4116-54883ED3D8B1}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\extensions.exe not found.
File C:\extensions.exe\extensions.exe not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
File C:\Dokumente und Einstellungen\mlens\Startmenü\Programme\Autostart\syscron.exe not found.
C:\WINDOWS\system32\0.13604457334250075.exe moved successfully.
C:\syscron.exe moved successfully.
File C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\usernt.dat not found.
File C:\Dokumente und Einstellungen\mlens\Anwendungsdaten\usernt.dat not found.
C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Anwendungsdaten\IconCache.db moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: administrator.LOCAL
->Temp folder emptied: 4731 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
User: ADMINI~1~LOC
User: All Users
User: annam
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: arade
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: awron
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: bkowa
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: dgons
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
User: karom
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: kgoss
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 1087012 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 405 bytes
User: mlens
->Temp folder emptied: 28566012 bytes
->Temporary Internet Files folder emptied: 18067886 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 98569286 bytes
->Flash cache emptied: 24936 bytes
User: mmoen
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: mwelt
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 693433 bytes
->Java cache emptied: 588312 bytes
->Flash cache emptied: 866 bytes
User: sgrue
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: test
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: theim
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ukop
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: yfisc
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5417958 bytes
RecycleBin emptied: 2198834094 bytes
Total Files Cleaned = 2.243,00 mb
OTL by OldTimer - Version 3.2.10.0 log created on 08272010_113152
Files\Folders moved on Reboot...
File\Folder C:\Dokumente und Einstellungen\mlens\Lokale Einstellungen\Temp\Perflib_Perfdata_1564.dat not found!
File\Folder C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\IJM0PWYT\default[1].htm not found!
File\Folder C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\IJM0PWYT\google_de[1].htm not found!
File\Folder C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\IJM0PWYT\search[1].htm not found!
Registry entries deleted on Reboot...
hier auch noch der RKU.txt: Code:
ATTFilter RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 3911680 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 81.76 )
0xB8C94000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3522560 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 81.76 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT-Kernel und -System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Mehrbenutzer-Win32-Treiber)
0xA8EFE000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 749568 bytes
0xB9E53000 iaStor.sys 749568 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
0xB9D54000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA8FB5000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB8AD5000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB04F6000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA70DE000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xB8BC2000 C:\WINDOWS\system32\DRIVERS\MAudioDelta.sys 299008 bytes (Avid Technology, Inc., M-Audio Delta PCI driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA6ACA000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB8B33000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F78000 ACPI.sys 192512 bytes (Microsoft Corporation, ACPI-Treiber für NT)
0xA71FD000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9D27000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA4296000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA7063000 C:\WINDOWS\system32\DRIVERS\PavProc.sys 176128 bytes (Panda Security, Panda Process Protection driver)
0xA9025000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB8C2F000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 167936 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xB8C58000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB04A6000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F22000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, E/A-Treiber für NT Datenträgerverwaltung)
0xB0480000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB8C0B000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB8B9F000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB045E000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9E33000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F48000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT-Datenträgertreiber)
0xB9D0D000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F0A000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA7C0F000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9DF4000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8B74000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA7C27000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xA7BF9000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9E0B000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xA7394000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB8B8B000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Treiber für parallelen Anschluss)
0xB8C80000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB054F000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xA7C3D000 C:\WINDOWS\system32\DRIVERS\pavdrv51.sys 77824 bytes (Panda Software International, Antivirus Filter Driver for Windows XP/2003 x86)
0xB9DE1000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9E21000 sr.sys 73728 bytes (Microsoft Corporation, Dateisystemfilter-Treiber der Systemwiederherstellung)
0xB9F67000 pci.sys 69632 bytes (Microsoft Corporation, NT-Plug & Play PCI-Enumerator)
0xB8B63000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA9AA5000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA198000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Treiber für serielle Geräte)
0xB0E81000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook-Audiofiltertreiber)
0xB0EC1000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB14AA000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 VolSnap.sys 57344 bytes (Microsoft Corporation, Volumeschattenkopie-Treiber)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xAA047000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS-Verschlüsselungstreiber)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA1E8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xAC3A2000 C:\WINDOWS\system32\drivers\SynasUSB.sys 45056 bytes (SIA Syncrosoft, SynasUSB.sys)
0xB6422000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xBA188000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Prozessorgerätetreiber)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP-ISA-Bustreiber)
0xBA258000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA218000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB1315000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA208000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xAA7BA000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB0ED1000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB148A000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA370000 C:\WINDOWS\System32\Drivers\Asapi.SYS 32768 bytes (VOB Computersysteme GmbH, ASAPI)
0xB154C000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB11D9000 C:\WINDOWS\system32\Drivers\ShlDrv51.sys 32768 bytes (Panda Security, PandaShield driver)
0xB1544000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA438000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA480000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA378000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 28672 bytes (GEAR Software Inc., CD/DVD Class Filter Driver)
0xB1564000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA398000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Tastaturklassentreiber)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB11D1000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xB156C000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xBA3A0000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mausklassentreiber)
0xBA430000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB155C000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB1554000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA388000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA338000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA390000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA380000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB11C9000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xA7236000 C:\WINDOWS\System32\drivers\aspi32.sys 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xA9DA9000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xB04EA000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID-Mausfiltertreiber)
0xBA59C000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB13FA000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA578000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB04D2000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB1ABA000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB2034000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB04F2000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID-Mausfiltertreiber)
0xBA580000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB2028000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xAC2D7000 C:\Programme\Broadcom\ASFIPMon\BASFND.sys 8192 bytes (Broadcom Corporation, Broadcom NetDetect Driver.)
0xBA5E8000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA610000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xBA5AE000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5E6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5EA000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5EC000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA612000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5E4000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA747000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA769000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xB07B2000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB0C2C000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Allgemeiner PCI IDE Bustreiber)
!!!!!!!!!!!Hidden driver: 0x89561AEA ?_empty_? 1302 bytes
!!!!!!!!!!!Hidden driver: 0x897229F0 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xB9E53000 WARNING: suspicious driver modification [iaStor.sys::0x89561AEA]
0xB045E000 WARNING: Virus alike driver modification [afd.sys], 139264 bytes
Geändert von Rooq (27.08.2010 um 11:12 Uhr) |
|
27.08.2010, 17:50
| #14 |
| /// Malwareteam | Sinowal Trojaner? Browser sehr langsamCombofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**  
|
|
30.08.2010, 10:00
| #15 |
| | Sinowal Trojaner? Browser sehr langsam Das ist jetzt mies....ComboFix ist komplett durchgelaufen, hat den Rechner neu gestartet, hat gesagt das es jetzt n log erstellt und ich nix starten soll bevor combofix fertig ist.....und dann hat sich der rechner komplett aufgehängt und ich hatte einen schönen blauen Bildschirm und musste den Rechner neu starten. Danach kam nix mehr von ComboFix. |
|
| Themen zu Sinowal Trojaner? Browser sehr langsam |
| 2 infizierte dateien, antivirus, ask toolbar, ask.com, bho, browser, canon, desktop, error, excel, firefox, hijack, hijackthis, hkus\s-1-5-18, home, infizierte dateien, internet, internet explorer, langsam, mozilla, object, pdfforge toolbar, problem, rundll, scan, sehr langsam, sinowal, software, spigot, system, trojaner, trojaner?, uleadburninghelper, windows, windows xp |
.
Linear-Darstellung
